Stored XSS in app.lemlist.com
Low
lemlist
Reported by solov9ev
Vulnerability Details
Technical details and impact analysis
## Summary:
[add summary of the vulnerability]
## Steps To Reproduce:
- Go to Company > Buddies-to-Be > Custom variables
- Add malicious code: `" onmouseover="confirm(document.domain)" a="`
{F915718}
- Go to Company > Messages > Blank email
- In the WYSIWYG editor select `Custom variables`
- Malicious code executed
{F915719}
## Impact
With this vulnerability, an attacker can, for example, steal users' cookies or redirect users to a malicious website.
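The payload in the steps above works by closing a quoted HTML attribute and adding an event-handler attribute. The following is an added example, not part of the original report and not lemlist's code: it assumes the custom-variable value is placed in a `data-value` attribute (hypothetical markup and function names) and compares plain concatenation with attribute encoding.

```javascript
// Added example. Markup and function names are assumptions, not lemlist code.
// The payload string is the one quoted in the report's reproduction steps.
const PAYLOAD = '" onmouseover="confirm(document.domain)" a="';

// Vulnerable pattern: stored value concatenated into a quoted attribute.
function renderUnsafe(value) {
  return '<span class="custom-variable" data-value="' + value + '">variable</span>';
}

// Encode characters that can end an attribute value or start new markup.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Hardened pattern: same markup, value encoded before insertion.
function renderSafe(value) {
  return '<span class="custom-variable" data-value="' + escapeAttr(value) + '">variable</span>';
}

// Minimal tokenizer for double-quoted attributes of the opening tag.
// It is only meant for checking the two outputs above, not general HTML.
function attributeNames(html) {
  const openTag = html.slice(0, html.indexOf('>') + 1);
  const names = [];
  const re = /([^\s"'<>\/=]+)\s*=\s*"[^"]*"/g;
  let m;
  while ((m = re.exec(openTag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when the rendered tag carries any on* event-handler attribute.
function hasEventHandler(html) {
  return attributeNames(html).some((name) => name.startsWith('on'));
}

console.log('unsafe:', attributeNames(renderUnsafe(PAYLOAD)));
console.log('safe:  ', attributeNames(renderSafe(PAYLOAD)));
```
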
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Cross-site Scripting (XSS) - Stored