Details
-
Bug
-
Resolution: Fixed
-
High
-
None
Description
This exploit can be seen from the My Bamboo Dashboard where the user's avatar is displayed.
QA Notes
Verify that the alternate text of the user's avatar is encoded correctly in other places, e.g. when a user submits code changes.
Steps to reproduce
- Create a user and set the full name to <script>alert(666)</script>
- Log in as that user and navigate to the My Bamboo dashboard - the script will execute
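One way to automate the check in the QA Notes, as an added example that is not Bamboo's own code: parse a rendered fragment and confirm that the full name from the steps above comes back as plain data in both the avatar's alternate text and the visible name, with no extra elements. The avatar markup, the template functions and the helper names are hypothetical, since this issue does not show the real template.

```python
import html
from html.parser import HTMLParser

# Full name taken from the reproduction steps in this issue.
FULL_NAME = "<script>alert(666)</script>"
# Tags the hypothetical avatar template emits itself; anything else came from user data.
EXPECTED_TAGS = {"img", "span"}

def render_unencoded(name):
    """Hypothetical template that interpolates the full name as-is (the defect)."""
    return (f'<img class="avatar" src="/avatar.png" alt="{name}">'
            f'<span class="name">{name}</span>')

def render_encoded(name):
    """Same hypothetical template with the name HTML-encoded before output."""
    safe = html.escape(name, quote=True)
    return (f'<img class="avatar" src="/avatar.png" alt="{safe}">'
            f'<span class="name">{safe}</span>')

class AvatarAudit(HTMLParser):
    """Collects what a parser sees: tags, avatar alt text, text nodes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.unexpected_tags, self.alt_texts, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag not in EXPECTED_TAGS:
            self.unexpected_tags.append(tag)
        if tag == "img":
            self.alt_texts.extend(v for k, v in attrs if k == "alt")

    def handle_data(self, data):
        self.text.append(data)

def audit(fragment):
    parser = AvatarAudit()
    parser.feed(fragment)
    parser.close()
    return parser

def is_correctly_encoded(fragment, name):
    """True when the name round-trips as data and adds no markup."""
    seen = audit(fragment)
    return (not seen.unexpected_tags and seen.alt_texts == [name]
            and "".join(seen.text) == name)

if __name__ == "__main__":
    for render in (render_unencoded, render_encoded):
        print(render.__name__, is_correctly_encoded(render(FULL_NAME), FULL_NAME))
```

The same check can be pointed at any other page that shows the avatar by feeding that page's rendered HTML to audit() and adjusting EXPECTED_TAGS to the markup the page is meant to contain.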