Description: The application does not sanitize JavaScript/HTML in input fields.
Potential Impact: Allows a malicious actor to execute scripts in the victim's browser, making it possible for the attacker to extract sensitive information about the user.
Affected part of the application: All input fields whose user-supplied content is rendered back to other users, such as comments, stream posts and profile fields.
Type of vulnerability: Stored Cross-Site Scripting (https://cwe.mitre.org/data/definitions/79.html)