Multiple XSS vulns

210
Defect
stetus
Jack
2.3.2
2.2
-
Closed
Highest
Blocker
7 years ago
4 years ago
0

Description

Are there any input validations?

There are XSS vulns all over the site. At least while viewing a ticket <title>XXX</title>, <input type="text" name="summary" value="XXX" /> and the email input field in UserCP are not checked at all.

I stopped testing here because of acute disbelief. I hope I got something very wrong...
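
The sinks named in the report (the <title> text, the summary input's value attribute, and the email field), shown as an added example that is not the tracker's own code. The rendering functions, the email pattern and the probe string are constructed for illustration, and the audit helper checks whether a value survives rendering as data or is parsed as markup.

```python
import html
import re
from html.parser import HTMLParser

# Constructed probe string (not from the ticket): tries to close the element
# and the attribute it is placed in, then open a harmless <i> tag.
PROBE = '</title>"><i>probe</i>'

# Assumed policy for the email field: plain ASCII addresses only.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def render_unsafe(summary):
    """What the report describes: the value is pasted into markup unchanged."""
    return (f"<title>{summary}</title>\n"
            f'<input type="text" name="summary" value="{summary}" />')

def render_safe(summary):
    """Encode on output; quote=True also encodes the attribute's delimiters."""
    enc = html.escape(summary, quote=True)
    return (f"<title>{enc}</title>\n"
            f'<input type="text" name="summary" value="{enc}" />')

def valid_email(value):
    """Reject anything that is not a plain address before it is stored."""
    return EMAIL_RE.fullmatch(value) is not None

class _Audit(HTMLParser):
    """Records the start tags a parser sees and the summary field's value."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.start_tags, self.value = [], None

    def handle_starttag(self, tag, attrs):
        self.start_tags.append(tag)
        if tag == "input" and self.value is None:
            self.value = dict(attrs).get("value")

def audit(markup):
    """Return (start tags seen, value attribute of the first <input>)."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.start_tags, parser.value

if __name__ == "__main__":
    print(audit(render_unsafe(PROBE)))  # extra <i> tags, truncated value
    print(audit(render_safe(PROBE)))    # only the template's tags, value intact
```

Validating the email on input does not replace encoding it on output; a stored value still passes through the same encoding step as the summary when it is rendered.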

Ticket History

6 years and 11 months ago by Jack

  • Closed ticket as Closed

6 years and 6 months ago by Jack

  • Changed Milestone from 3.0 to 2.3.2