2 matches found
Enter: stored xss in transaction
1. Open wallet settings and remove maxlength="30" from wallet name input
2. Change name to something like this asdf'"alert1
3. Go to "Send bitcoin" and make inbound transfer from one wallet to another with description: descalert'xss in description'
4. Submit form
5. After submit we got XSS both in...
Enter: Stored XSS in api key of operator wallet
1. Make an operation wallet
2. Open wallet settings
3. Press "New key"
4. In source code remove "maxlength=30" of key's name input tag - no length check on server-side
5. Fill name input with "asdf" PoC
6. Press "Generate Key"
7. After that when open wallet settings we got XSS.
8. In case we can...