Hi, I found another information disclosure vulnerability/Full Path Disclosure on your application. this time its on Creating New Group Section.
GET : http://www.localize.io/pages/create_project/ [project ID] POST CONTENT: CSRFToken=TOKEN VALUE&addGroup[name]=new+group
I just Added "" after addGroup[name] and Replied.
> Warning: trim() expects parameter 1 to be string, array given in /var/www/vhosts/lvps178-77-99-228.dedicated.hosteurope.de/httpdocs_localize/classes/Phrase.php on line 213
I Also Added a Screenshot of that FPD as attachment.. Hope You'll fix this one also.. Thanks