Sessions Release Notes

June 23, 2017

Bug fixes

• The following Sessions URL causes a pop-up in the application, illustrating a stored XSS vulnerability: https://session.qTestnet.com/error?code=500&msg=XSS%20Example&detail=”’><script>alert(1);</script>

• The URL below accepted user-controlled information and allowed an attacker to present arbitrary text to the user: https://session.qTestnet.com/error?code=500&msg=Custom%20Error%20Message&detail=Custom%20error%20details%20here