- Attack value: <img src='x' onerror='alert("7")'>
Steps to replicate:
- 1. Log in to the application.
- 2. Navigate to the “My Reports” tab.
- 3. Click on the “New” button.
- 4. Apply the attack value in the “Header (Title)” text box.
- 5. Fill the other required details and click on the “Save” button.
- 6. Click on the “Run Report” button.
Again, this specific case is only with “My Reports”. We’ve replicated this issue in many locations throughout the entire site.
A cross-site scripting security vulnerability was resolved in the Report Manager (or My Reports).
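The report does not say how the issue was resolved. The sketch below is an added example, not the product's code: it shows the usual fix for this class of bug, HTML-encoding the stored “Header (Title)” value when the report is rendered, next to the unsafe pattern. All function names and the report object are hypothetical.

```javascript
// Added illustration; names and data layout are assumptions, not the product's code.

// Constructed sample: a saved report whose title holds the value from the steps above.
const savedReport = {
  title: `<img src='x' onerror='alert("7")'>`,
  rows: [["Q1", "42"]],
};

// Encode the five characters that can change parsing context in element
// content and in quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Unsafe pattern: the stored title is concatenated into markup as-is, so the
// browser parses it as an element when the report is run.
function renderHeaderUnsafe(report) {
  return '<h1 class="report-title">' + report.title + "</h1>";
}

// Hardened: the title is encoded at output time and is displayed as plain text.
function renderHeaderSafe(report) {
  return '<h1 class="report-title">' + escapeHtml(report.title) + "</h1>";
}

// Regression check: true when anything inside the wrapping <h1> would still be
// parsed as a tag. Suitable for a unit test around the report renderer.
function containsInjectedMarkup(html) {
  const inner = html
    .replace(/^<h1 class="report-title">/, "")
    .replace(/<\/h1>$/, "");
  return /<[a-zA-Z!\/]/.test(inner);
}

console.log(containsInjectedMarkup(renderHeaderUnsafe(savedReport)));
console.log(containsInjectedMarkup(renderHeaderSafe(savedReport)));
```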