Details
- Bug
- Resolution: Fixed
- Medium
- 5.5
- None
- 6.5
Description
This is from an external report. Creating a user with username:
"><img src=x onerror=prompt(1)>
and returning to the dashboard will demonstrate the script injection. This PoC will not work in Chrome/Chromium, but will in Firefox and other browsers that do not have such protective measures.
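The fix pattern for this class of bug, as an added example that is not code from the affected project: the renderer, the allowlist and all function names below are hypothetical, and the assumption is that the dashboard places the username inside an HTML attribute and element body. It shows the unescaped rendering beside an output-encoded one, plus a regression check that counts how many element tags the reported username produces.

```javascript
// Added example; renderUserRow*, isValidUsername and the markup are assumptions.
// The username is the one given in the report.
const REPORTED_USERNAME = '"><img src=x onerror=prompt(1)>';

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can change HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored username is concatenated straight into markup, so the
// leading "> closes the attribute and tag and the rest parses as a new element.
function renderUserRowUnsafe(username) {
  return '<li class="user" title="' + username + '">' + username + '</li>';
}

// "After": encode at output time, for every place the value is written.
function renderUserRowSafe(username) {
  const u = escapeHtml(username);
  return '<li class="user" title="' + u + '">' + u + '</li>';
}

// Defence in depth at account creation (assumed policy: 1-64 chars from a
// small allowlist). This complements output encoding; it does not replace it.
function isValidUsername(username) {
  return /^[A-Za-z0-9._-]{1,64}$/.test(username);
}

// Regression helper: count opening element tags in rendered markup.
// A correctly encoded row contains exactly one (<li>).
function countElementTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

console.log('unsafe tags:', countElementTags(renderUserRowUnsafe(REPORTED_USERNAME)));
console.log('safe tags:  ', countElementTags(renderUserRowSafe(REPORTED_USERNAME)));
console.log('accepted at signup:', isValidUsername(REPORTED_USERNAME));
```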