Dear Ladies and Gentlemen,
First of all thank you for your time and effort reading my Report.
While doing the Penetration Test i was able to identify a stored XSS in the Username.
When an admin or another Users try to set up a new account and set his name to <script>alert(‘1’)</script> the Javascript will run and will be stored for admin and all other Users.
The Process of the Vulnerability:
Mitigation:
Please do not allow Javascript Code to run and never trust User-Input.
At the End I want to thank you for your time and effort and hope hearing from you soon.
Best regards
Ahmed Hassan