dates1967 / simpleinvoices

Automatically exported from code.google.com/p/simpleinvoices
GNU General Public License v3.0

Stored XSS in Simple Invoices List View #247

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Create an Item / Account that includes script content in a field that is rendered in the list view.
2. For example, create an item with a name like "Name<script>alert(1)</script>" and the code will execute whenever the item is rendered in the list view.
3. Profit

What is the expected output? What do you see instead?

I would expect the list to sanitize the output.

Please use labels and text to provide additional information.

Original issue reported on code.google.com by matthewj...@gmail.com on 7 Jan 2014 at 12:46
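
The behaviour reported above and the output encoding the reporter expects, shown side by side as an added example that is not part of the original issue or of the Simple Invoices code base. All function names, the row template and the sample rows are hypothetical; the second item name is the value quoted in the report.

```javascript
// Added example: hypothetical names throughout, not Simple Invoices code.
// Constructed sample rows standing in for stored item records.
const storedItems = [
  { id: 1, name: "Consulting", price: "150.00" },
  { id: 2, name: "Name<script>alert(1)</script>", price: "10.00" }, // value from the report
  { id: 3, name: 'Tom & "Jerry" <b>Ltd</b>', price: "5.00" },
];

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the stored value is concatenated into the markup unchanged.
function renderRowUnsafe(item) {
  return `<tr><td>${item.id}</td><td>${item.name}</td><td>${item.price}</td></tr>`;
}

// After: every stored field is encoded at output time, whatever was saved.
function renderRowSafe(item) {
  const cells = [item.id, item.name, item.price].map((v) => `<td>${escapeHtml(v)}</td>`);
  return `<tr>${cells.join("")}</tr>`;
}

function renderList(items, renderRow) {
  return `<table>${items.map(renderRow).join("")}</table>`;
}

// Regression check: does the rendered markup contain a tag the template never emits?
function containsUnexpectedTag(html) {
  const allowed = new Set(["table", "tr", "td"]);
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !allowed.has(t.replace(/[<\/]/g, "").toLowerCase()));
}

console.log("unsafe list has stray tags:", containsUnexpectedTag(renderList(storedItems, renderRowUnsafe)));
console.log("safe list has stray tags:  ", containsUnexpectedTag(renderList(storedItems, renderRowSafe)));
```

Encoding at render time covers records that were stored before any input validation was added, which is why the check runs on the rendered list rather than on the input form.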