chabanovsky / so_association_tools

This set of tools adds a special button that helps to associate questions between Stack Overflow in English and an international Stack Overflow.

XSS in associationBoxTemplate #12

Closed mayorovp closed 6 years ago

mayorovp commented 6 years ago

owner.display_name can contain any user-provided text

Steps to reproduce:

  1. Register new user with display name <script>alert('XSS!')</script>
  2. Publish new question
  3. Add association comment to this question
  4. Wait until CM or Mod visits this page :-)
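
The class of bug reported above, shown as an added example (not code from so_association_tools): a template that substitutes `owner.display_name` verbatim next to a version that HTML-escapes every substituted value. The template string, the `{{ }}` placeholder syntax and all function names are hypothetical; the display name is the one from the reproduction steps.

```javascript
// Added example. Template text, placeholder syntax and function names are
// assumptions for illustration, not the project's actual code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML element or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Resolve a dotted path such as "owner.display_name" against a data object.
function lookup(data, path) {
  return path.split(".").reduce((obj, key) => (obj == null ? undefined : obj[key]), data);
}

const PLACEHOLDER = /\{\{\s*([\w.]+)\s*\}\}/g;

// Vulnerable form: values go into the markup exactly as the user supplied them.
function renderUnsafe(template, data) {
  return template.replace(PLACEHOLDER, (_, path) => String(lookup(data, path) ?? ""));
}

// Hardened form: every substituted value is escaped, so user text stays text.
function renderSafe(template, data) {
  return template.replace(PLACEHOLDER, (_, path) => escapeHtml(lookup(data, path) ?? ""));
}

// Hypothetical association box: the name appears in an attribute and in element content.
const associationBoxTemplate =
  '<div class="association-box">' +
  '<span class="owner" title="{{ owner.display_name }}">{{ owner.display_name }}</span>: ' +
  '{{ title }}</div>';

// Constructed sample record using the display name from the report.
const question = {
  title: "Sample question",
  owner: { display_name: "<script>alert('XSS!')</script>" },
};

console.log(renderUnsafe(associationBoxTemplate, question));
console.log(renderSafe(associationBoxTemplate, question));
```

Escaping at render time covers both the attribute and the element-content positions; assigning the name through `textContent` on a DOM node instead of building an HTML string avoids the problem in the same way.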