Stored Cross-site scripting in the Company's name. This allows a person to gain arbitrary execution of JS code on anyone who views the Company's name within their browser.
If a bug:
Q
A
Mautic version
2.11.0
PHP version
7.0
Steps to reproduce:
Create a new company
Set the company name to <img src=x onerror=alert(1)>
Navigate to a place where the company name is reflected and observe an alert box pop up
Log errors:
Please check for related errors in the latest log file in [mautic root]/app/log/ and/or the web server's logs and post them here. Be sure to remove sensitive information if applicable.
None
The text was updated successfully, but these errors were encountered:
What type of report is this:
Description:
Stored Cross-site scripting in the Company's name. This allows a person to gain arbitrary execution of JS code on anyone who views the Company's name within their browser.
If a bug:
Steps to reproduce:
<img src=x onerror=alert(1)>Log errors:
Please check for related errors in the latest log file in [mautic root]/app/log/ and/or the web server's logs and post them here. Be sure to remove sensitive information if applicable.
None
The text was updated successfully, but these errors were encountered: