
Lots of XSS vulnerabilities
Open, High, Public

Description

All event data is output directly to the renderer's doc element without any escaping in the table syntax. Proof of concept: add the following to an event description and load a page with a table:

Test <script>alert('bang')</script>
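To illustrate the bug class the report describes (event fields concatenated into table markup and handed to the document without escaping) alongside the fix, here is an added example. It is not code from the project this task is filed against; the event record shape, the function names and the sample events are assumptions made for the example. The constructed sample reuses the report's proof-of-concept payload as an event description.

```javascript
// Added example, not the project's own code. Models the report's bug class:
// event fields concatenated straight into table markup versus the same
// rendering with HTML escaping applied to every untrusted field.

// Constructed sample input (assumed record shape). The first description is
// the proof-of-concept payload from the report.
const SAMPLE_EVENTS = [
  { title: "Standup", description: "Test <script>alert('bang')</script>" },
  { title: "Review", description: 'Look at "foo" & <b>bar</b>' },
];

// Escape the five characters that are significant in HTML text and
// attribute contexts. Anything else passes through unchanged.
function escapeHtml(value) {
  const map = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#39;",
  };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: untrusted fields go into the markup verbatim. Once this
// string is assigned to innerHTML (or otherwise inserted into the page), a
// description containing <script> is parsed as markup and executes.
function renderTableUnsafe(events) {
  const rows = events
    .map((e) => `<tr><td>${e.title}</td><td>${e.description}</td></tr>`)
    .join("");
  return `<table>${rows}</table>`;
}

// Fixed pattern: every untrusted field is escaped before it is placed in
// the markup, so the browser renders the payload as literal text.
function renderTableSafe(events) {
  const rows = events
    .map(
      (e) =>
        `<tr><td>${escapeHtml(e.title)}</td>` +
        `<td>${escapeHtml(e.description)}</td></tr>`
    )
    .join("");
  return `<table>${rows}</table>`;
}

// Simple check a reviewer can run over rendered output: does a raw <script>
// start tag survive into the markup?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log("unsafe:", renderTableUnsafe(SAMPLE_EVENTS));
console.log("safe:  ", renderTableSafe(SAMPLE_EVENTS));
```

Escaping at the point where the string is built is the minimal fix for string-based templating; when the renderer constructs DOM nodes directly, the equivalent is to set `textContent` on a created `td` element rather than assigning event data to `innerHTML`, which avoids the escaping step altogether.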