To reproduce vulnerability:
1.) from the main page: click "Configure Metadata" -> under "Locations" click "Manage Locations"
3.) click "Add New Location"
4.) set the name of the location to the following string:
5.) fill in all other required fields normally and submit new location
- user should be redirected back to the "Manage Locations" page
6.) from the "Manage Locations" page, click on the edit button next to the newly created location
7.) hover mouse over the name input text box (should trigger JS alert popup)
Note #1: Although I have only tested the name field, it is likely that many of the other fields are also vulnerable to the same style of attack
Note #2: The second attachment shows that this xss in locations is also executed on the login page. These locations will also have to be sanitized.