Sessions Release Notes
June 23, 2017
Bug fixes
- The following Sessions URL causes a pop-up in the application, illustrating a stored XSS vulnerability: https://session.qTestnet.com/error?code=500&msg=XSS%20Example&detail=”’><script>alert(1);</script>
- The URL below accepted user-controlled information and allowed an attacker to present arbitrary text to the user: https://session.qTestnet.com/error?code=500&msg=Custom%20Error%20Message&detail=Custom%20error%20details%20here
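
An added example, not code from the product: one way an error page taking the `code`, `msg` and `detail` parameters from the two fixes above can be rendered so that neither markup nor arbitrary text from the query string reaches the user. The host `app.example.test`, the `ERROR_TEXT` table and both function names are assumptions, and the sample URLs are constructed.

```python
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Server-defined text per status code (assumed values, not the product's).
ERROR_TEXT = {
    "404": ("Not found", "The requested page does not exist."),
    "500": ("Server error", "An unexpected error occurred."),
}
DEFAULT_TEXT = ("Error", "Something went wrong.")


def render_unsafe(url: str) -> str:
    """'Before' behaviour: query values are copied into the markup as-is."""
    q = parse_qs(urlsplit(url).query)
    msg = q.get("msg", [""])[0]
    detail = q.get("detail", [""])[0]
    return f"<h1>{msg}</h1><p>{detail}</p>"


def render_safe(url: str) -> str:
    """Hardened form: only `code` is read, and it only selects fixed text.

    `msg` and `detail` are ignored, so the caller cannot supply wording,
    and the output is HTML-escaped in case the table ever holds markup.
    """
    q = parse_qs(urlsplit(url).query)
    code = q.get("code", [""])[0]
    title, body = ERROR_TEXT.get(code, DEFAULT_TEXT)
    return f"<h1>{html.escape(title)}</h1><p>{html.escape(body)}</p>"


# Constructed sample requests mirroring the two URLs in the notes above.
BASE = "https://app.example.test/error?"
XSS_URL = BASE + urlencode(
    {"code": "500", "msg": "XSS Example",
     "detail": "\"'><script>alert(1);</script>"})
SPOOF_URL = BASE + urlencode(
    {"code": "500", "msg": "Custom Error Message",
     "detail": "Custom error details here"})

if __name__ == "__main__":
    for url in (XSS_URL, SPOOF_URL):
        print("unsafe:", render_unsafe(url))
        print("safe:  ", render_safe(url))
```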