Stored Cross Site Scripting in Customer Name
Low
Moneybird
Team Summary
Official summary from Moneybird
Researcher found a vulnerability in our contact selector, in which a contact name with HTML would trigger this HTML to be executed. We have improved our contact selector to handle customer names as text instead of HTML.
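The difference between treating a stored contact name as HTML and as text, shown as an added example that is not Moneybird's code: the renderer functions, the markup shape and the sample contacts are all assumptions constructed for illustration.

```javascript
// Added example: hypothetical contact selector renderer, not Moneybird's code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored name is concatenated into markup, so the browser
// parses any tags it contains as part of the page.
function renderOptionAsHtml(contact) {
  return `<li class="contact" data-id="${contact.id}">${contact.name}</li>`;
}

// "After": the name is treated as text in both element and attribute context.
function renderOptionAsText(contact) {
  const name = escapeHtml(contact.name);
  return `<li class="contact" data-id="${escapeHtml(contact.id)}" title="${name}">${name}</li>`;
}

// Count opening tags in a fragment; a correctly rendered option has exactly one (<li>).
function countOpeningTags(fragment) {
  return (fragment.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample data; the second name carries markup, as in the report.
const contacts = [
  { id: 1, name: "Jansen & Zonen" },
  { id: 2, name: 'Acme <b>Holding</b> "EU"' },
];

// Opening-tag count per rendered contact, usable as a regression check.
function audit(render) {
  return contacts.map((c) => countOpeningTags(render(c)));
}

console.log("as HTML:", audit(renderOptionAsHtml)); // [1, 2]
console.log("as text:", audit(renderOptionAsText)); // [1, 1]
```

In DOM code the same fix is usually made by assigning the name to `textContent` rather than `innerHTML`, which avoids building markup strings at all.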
Reported by
yaworsk
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-site Scripting (XSS) - Generic