XSS in invite approval
Unknown
Vulnerability Details
If a translator's name is set to "><svg onload="prompt(/xss/);"> and the translator requests to join a project, then when the project admin clicks on the review to accept it, it results in an XSS.
Screen:
attacker/translator:
http://prntscr.com/3ax1ca
contributor/admin:
http://prntscr.com/3ax1ix
Report Stats
- Report ID: 7887
- State: Closed
- Substate: resolved
- Upvotes: 6
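
Added example, not part of the original report or the affected project's code: a vulnerable render of a join-request row beside a hardened one that encodes the translator name at output time. The function names, the row markup and the attribute context are assumptions, since the report does not show the page's template.

```javascript
// Hypothetical names and markup throughout; the report does not show the real template.

// Constructed sample: the display name quoted in the report, with straight quotes.
const reportedName = '"><svg onload="prompt(/xss/);">';

// Vulnerable pattern: the untrusted name is concatenated into an attribute
// value and into element text without any encoding.
function renderRequestUnsafe(name) {
  return '<li class="join-request" title="' + name + '">' + name +
         ' wants to join <button>Accept</button></li>';
}

// Encode the five characters that are significant in HTML text and in
// quoted attribute values.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: encode at output time, everywhere the name is emitted.
function renderRequestSafe(name) {
  const safe = escapeHtml(name);
  return '<li class="join-request" title="' + safe + '">' + safe +
         ' wants to join <button>Accept</button></li>';
}

// Crude regression check (not a full HTML parser): list the tag names that
// are actually opened in the generated markup.
function tagsIn(html) {
  return (html.match(/<[a-zA-Z][^\s>]*/g) || []).map((t) => t.slice(1).toLowerCase());
}

console.log('unsafe tags:', tagsIn(renderRequestUnsafe(reportedName)));
console.log('safe tags:  ', tagsIn(renderRequestSafe(reportedName)));
```

The tag listing works as a regression test for the admin review page: with the name from the report, the only tags in the output should be the template's own.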