Stored XSS at https://finance.owox.com/customer/accountList
Low
OWOX, Inc.
Team Summary
Official summary from OWOX, Inc.
XSS on finance.owox.com instance.

POC:
1) Log in to the site
2) Go to https://finance.owox.com/customer/accountList
3) You will be XSSed immediately.

Reproduce steps:
1) Go to https://finance.owox.com/customer/accountAdd
2) Place the following payload in the username: "><script>alert(document.cookie);</script>
3) Go to https://finance.owox.com/customer/accountList. You will be XSSed since the server is not escaping quotes and <> entities.
Reported by
sp1d3rs
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-site Scripting (XSS) - Generic
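
The missing output escaping described in the summary, shown as an added example that is not OWOX's code or part of the original report: a row renderer that writes the stored username unescaped, the same renderer with HTML escaping, and a parser-based regression check that the username stays data. The row markup (an input value plus a table cell) and all function names are assumptions, since the report does not show the page's HTML; only the payload is taken from the report.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the report's reproduce steps.
PAYLOAD = '"><script>alert(document.cookie);</script>'
# Assumed row layout: the elements a row should contain, in order.
EXPECTED_TAGS = ["tr", "td", "input", "td"]

def render_row_unescaped(username):
    # 'Before' (assumed shape): stored value concatenated into an
    # attribute and a text node without escaping quotes or <>.
    return ('<tr><td><input name="username" value="' + username + '"></td>'
            '<td>' + username + '</td></tr>')

def render_row_escaped(username):
    # 'After': html.escape(quote=True) encodes & < > " ' so the value can
    # neither close the attribute nor open a new tag.
    safe = html.escape(username, quote=True)
    return ('<tr><td><input name="username" value="' + safe + '"></td>'
            '<td>' + safe + '</td></tr>')

class TagCollector(HTMLParser):
    """Records every start tag and the value attribute of each input."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.values = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.values.append(dict(attrs).get("value"))

def parse_row(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.values

def injects_markup(render, username):
    # True when the username changed the row's element structure or did
    # not round-trip intact as the input's value.
    tags, values = parse_row(render(username))
    return tags != EXPECTED_TAGS or values != [username]

if __name__ == "__main__":
    for render in (render_row_unescaped, render_row_escaped):
        print(render.__name__, "injects markup:", injects_markup(render, PAYLOAD))
```

Run as a unit test against the real template output, the same check catches a regression if escaping is later dropped from the account list view.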