Find, private notes Cross-site scripting.

Disclosed: 2014-04-21 16:30:41 By smiegles To respondly

Unknown

Vulnerability Details

Hi. When I go to the find page and insert a `private note`, with as content : `<img src='x' onerror='alert(4)'` it will execute directly. As preview : 1.) http://prntscr.com/3axvz5 2.) http://prntscr.com/3axw3k Best regards, Olivier Beg

Actions

View on HackerOne

Report Stats

Report ID: 7917
State: Closed
Substate: resolved
Upvotes: 1

Find, private notes Cross-site scripting.

Vulnerability Details

Actions

Report Stats

Share this report