crisischeckin
Crisis Checkin login page appears vulnerable to cross-site scripting
It looks like login input fields are not being properly sanitized.
Steps to reproduce:
Access https://crisischeckin-d.azurewebsites.net/Account/Login
Enter one of the following values as username:
<SCript>
'
Result: Server returns full stack trace error
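Added example, not part of the original report or the project's code: a regression check that can be run over captured login responses once a fix is in place. It tells apart the two failure modes the report touches on, input echoed back without HTML encoding and a verbose error page. The marker token, the trace patterns and the sample response bodies are constructed assumptions.

```python
import re

# Probe values taken from the report. MARKER is a constructed token the test
# harness wraps around each probe so a reflection can be located unambiguously.
PROBES = ["<SCript>", "'"]
MARKER = "zq9x7"

# Assumed markers of a verbose framework error page; adjust to the deployed stack.
TRACE_MARKERS = [
    re.compile(r"Stack Trace:", re.I),
    re.compile(r"Server Error in '.*' Application", re.I),
    re.compile(r"^\s+at [\w.<>`]+\(.*\)", re.M),
]

def wrap(probe):
    """Value the harness submits as the username for a given probe."""
    return f"{MARKER}{probe}{MARKER}"

def classify(body, probe):
    """Return the findings for one response body to one submitted probe."""
    findings = []
    if any(p.search(body) for p in TRACE_MARKERS):
        findings.append("stack-trace-disclosure")
    # The raw marker+probe+marker sequence means the value came back without
    # HTML encoding. Conservative for "'", which only matters in some contexts.
    if wrap(probe) in body:
        findings.append("unencoded-reflection")
    return findings

# Constructed response bodies (not captured from the real site).
VERBOSE_ERROR = """<html><body>
<h1>Server Error in '/' Application.</h1>
<b>Stack Trace:</b>
<pre>
   at Example.Controllers.AccountController.Login(LoginModel model)
</pre></body></html>"""
FIXED = ('<p>Sign-in failed. Reference: 0000</p>'
         '<input name="UserName" value="zq9x7&lt;SCript&gt;zq9x7">')
REFLECTED = "<input name=UserName value='zq9x7'zq9x7'>"

if __name__ == "__main__":
    samples = [("verbose", VERBOSE_ERROR, PROBES[0]),
               ("fixed", FIXED, PROBES[0]),
               ("reflected", REFLECTED, PROBES[1])]
    for name, body, probe in samples:
        print(name, classify(body, probe))
```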