Localize: XSS in main page

ID H1:7882
Type hackerone
Reporter nahamsec
Modified 2014-04-18T01:15:06


If a project name is saved with an XSS string such as: "><svg onload="prompt(/xss/);"><!--

and a translator visits it, it'll result in the XSS executing in the main page, due to the fact that it shows your recent visits.

Screen: http://prntscr.com/3awwuv
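
The stored name reaching a "recent visits" list, shown as an added example that is not part of the original report and is not Localize's code. The renderer functions, markup and project ids are hypothetical, and the assumption is that the name is written into both an attribute value and a text node; the "after" version encodes the stored name at output time.

```javascript
// Added example: hypothetical "recent visits" renderer, not Localize's code.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Before: the stored project name is concatenated into the markup as-is.
function renderRecentUnsafe(projects) {
  return projects
    .map((p) => `<li><a href="/projects/${p.id}" title="${p.name}">${p.name}</a></li>`)
    .join('');
}

// After: same markup, with the name encoded for HTML when it is written out.
function renderRecentSafe(projects) {
  return projects
    .map((p) => {
      const name = escapeHtml(p.name);
      const id = encodeURIComponent(p.id);
      return `<li><a href="/projects/${id}" title="${name}">${name}</a></li>`;
    })
    .join('');
}

// Regression check: count start tags of a given element in rendered output.
function countTags(html, tag) {
  const found = html.match(new RegExp(`<${tag}[\\s>]`, 'gi'));
  return found ? found.length : 0;
}

// Constructed sample data; the second name is the string from the report.
const recent = [
  { id: 1, name: 'Docs site' },
  { id: 2, name: '"><svg onload="prompt(/xss/);"><!--' },
];

console.log('unsafe <svg> tags:', countTags(renderRecentUnsafe(recent), 'svg'));
console.log('safe   <svg> tags:', countTags(renderRecentSafe(recent), 'svg'));
```

Encoding at render time covers names that were already saved before any input validation was added, which is why the fix belongs in the view that lists recent visits rather than only in the save handler.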