Reflected xss in CloneSessionPost.jspa
In plugin/src/main/resources/templates/excalibur/web/testsessions/test-session-clone.vm on line 2, the 'testSessionId' parameter is extracted from the request parameters and inserted without first html encoding the value into the form element 'action' value. This means means that the resource is...