[marketplace.informatica.com] Profile stored XSS
High
Informatica
Reported by
s_p_q_r
Vulnerability Details
Technical details and impact analysis
The user's name and last name are inserted into JS with quotes unescaped:
```javascript
var pageNameDTM = "%name% %lastname%".replace(/[^a-zA-Z0-9 ]/g, "").replace(/ +/g, " ");
```
**PoC:**
1. Log into your account
2. Set your name and lastname to **"-alert(document.domain)-"**
3. Open your profile page https://marketplace.informatica.com/people/%email% from another account
The script will be executed:
{F142515}
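Why the `.replace()` filter in that line does not help, and one way to embed the value safely, shown as an added example that is not part of the original report or Informatica's code. The helper names (`renderVulnerable`, `renderHardened`, `jsString`, `run`) and the stubbed `alert`/`document` are assumptions made for illustration; the input is the value from the PoC.

```javascript
// Added example: hypothetical server-side rendering helpers, not the vendor's code.
const FILTER = '.replace(/[^a-zA-Z0-9 ]/g, "").replace(/ +/g, " ");';
const POC_VALUE = '"-alert(document.domain)-"'; // value from the report's PoC

// Pattern from the report: profile fields are pasted into a JS string literal as-is.
// The filter only runs in the browser, after the literal has already been parsed.
function renderVulnerable(name, lastname) {
  return 'var pageNameDTM = "' + name + ' ' + lastname + '"' + FILTER;
}

// Serialize the value as a JS string literal, then escape characters that
// could end the surrounding <script> element or confuse older JS parsers.
function jsString(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function renderHardened(name, lastname) {
  return "var pageNameDTM = " + jsString(name + " " + lastname) + FILTER;
}

// Evaluate a rendered line with stubbed browser globals and record alert() calls.
function run(script) {
  const calls = [];
  const alertStub = (x) => { calls.push(x); };
  const documentStub = { domain: "example.test" }; // constructed value
  const fn = new Function("alert", "document", script + "\nreturn pageNameDTM;");
  return { calls, value: fn(alertStub, documentStub) };
}

const before = run(renderVulnerable(POC_VALUE, POC_VALUE));
const after = run(renderHardened(POC_VALUE, POC_VALUE));
console.log("vulnerable: alert calls =", before.calls.length);
console.log("hardened:   alert calls =", after.calls.length, "value =", after.value);
```

In the vulnerable rendering the quotes in the profile field close the literal, so the rest of the field is parsed as an expression before the filter ever runs; in the hardened rendering the same input stays inside the literal and the filter reduces it to plain letters.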
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-site Scripting (XSS) - Generic