Details

    • Undetermined
    • Ref App 2.11 Release Sprint 3, Ref App 2.12 Priorities

    Description

      Steps to reproduce vulnerability:

      1.) From the main page, click on "Appointment Scheduling"
      2.) Click "Manage Service Types"
      3.) Click "New Service Type"
      4.) Set the name of the new service type to the following string:

      " onmouseover="alert('xss')"

      5.) Set the duration and description to any normal value
      6.) Click "Save"

      • User should be redirected to the "Manage Service Types" page that displays all service types in tabular format

      7.) On the next page, hover the mouse over the edit button associated with the new service type in the service type (an XSS alert popup should be triggered - see attachment)

            People

              dkayiwa Daniel Kayiwa
              isears Isaac Sears
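Why step 7 fires, and the output-encoding fix, shown as an added example (not code from the application or from this ticket). It assumes the stored service type name is written into a double-quoted HTML attribute on the edit button; the markup and all function names are hypothetical.

```javascript
// Constructed sample input: the service type name from step 4 of the report.
const PAYLOAD = `" onmouseover="alert('xss')"`;

// Vulnerable pattern (assumed): the stored name is concatenated into a
// double-quoted attribute value without any encoding.
function renderEditButtonUnsafe(name) {
  return '<i class="edit-action" title="Edit ' + name + '"></i>';
}

// HTML-encode the characters that can close an attribute value or open a tag.
function escapeHtmlAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: same markup, but the name is encoded for the attribute context.
function renderEditButtonSafe(name) {
  return '<i class="edit-action" title="Edit ' + escapeHtmlAttr(name) + '"></i>';
}

// Minimal scanner for the double-quoted attributes of the tag rendered above.
// Returns [name, rawValue] pairs in document order.
function parseAttributes(html) {
  const pairs = [];
  const re = /([A-Za-z-]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(html)) !== null) pairs.push([m[1].toLowerCase(), m[2]]);
  return pairs;
}

// Regression check: event-handler attributes that the template never emits.
function injectedHandlers(html) {
  return parseAttributes(html).map(([n]) => n).filter((n) => n.startsWith('on'));
}

// Decode the entities produced by escapeHtmlAttr, to show the stored name
// still displays unchanged after encoding.
function decodeAttr(raw) {
  return raw.replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
}

console.log('unsafe:', injectedHandlers(renderEditButtonUnsafe(PAYLOAD)));
console.log('safe:  ', injectedHandlers(renderEditButtonSafe(PAYLOAD)));
```

The same `injectedHandlers` check can be reused as a regression test against the rendered "Manage Service Types" table once the template encodes its output.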