XSS in main page (invitation)
Unknown
Vulnerability Details
If a project name is saved with an XSS string such as:
“><svg onload="prompt(/xss/);"><!--
and a translator visits and requests an invite, it'll result in the XSS executing in the main page, due to the fact that it shows your requests.
Screen:
http://prntscr.com/3awwuv
Report Stats
- Report ID: 7886
- State: Closed
- Substate: resolved
- Upvotes: 4
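
The rendering flaw the report describes, shown beside an output-encoded version, as an added example that is not code from the report or from the affected application. The row markup, the projectName field and all function names are assumptions; the sample name is constructed from the string quoted in the report.

```javascript
// Hypothetical rendering of one row in the "your invite requests" list.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the stored project name is concatenated into an attribute and a text node.
function renderRequestUnsafe(request) {
  return '<li class="invite-request" title="' + request.projectName + '">' +
         'Requested invite to ' + request.projectName + '</li>';
}

// After: the untrusted field is encoded at the point of output, in both contexts.
function renderRequestSafe(request) {
  const name = escapeHtml(request.projectName);
  return `<li class="invite-request" title="${name}">Requested invite to ${name}</li>`;
}

// Count tag, closing-tag and comment openers in a rendered fragment.
function countTags(html) {
  return (html.match(/<[a-zA-Z!\/]/g) || []).length;
}

// Regression check: a project name must never change the number of tags in the row.
function introducesMarkup(render, projectName) {
  const baseline = countTags(render({ projectName: "Benign project" }));
  return countTags(render({ projectName })) !== baseline;
}

// Constructed sample input, based on the project name quoted in the report.
const sampleName = '"><svg onload="prompt(/xss/);"><!--';

console.log("unsafe renderer adds markup:", introducesMarkup(renderRequestUnsafe, sampleName));
console.log("safe renderer adds markup:  ", introducesMarkup(renderRequestSafe, sampleName));
```

The same check can run as a unit test against any template that prints project names, so a later change that drops the encoding fails the build.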