<div dir="ltr">Thank you - noted and fix pushed.<div>Reference: <a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/8323">http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/8323</a></div></div><div class="gmail_extra">
<br><div class="gmail_quote">On Thu, Oct 30, 2014 at 4:16 PM, Amiad Bareli <span dir="ltr">&lt;<a href="mailto:amiad@appsec-labs.com" target="_blank">amiad@appsec-labs.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="rtl"><div dir="ltr">I found an XSS bug in the migration:<br clear="all"></div><div dir="ltr"><a href="https://demo.vtiger.com/migrate/?error=%3Cscript%3Ealert%280%29;%3C/script%3EXSS" target="_blank">https://demo.vtiger.com/migrate/?error=%3Cscript%3Ealert%280%29;%3C/script%3EXSS</a><br></div><div dir="ltr"><br></div><div dir="ltr">(Chrome blocks XSS. Try another browser.)</div><div dir="ltr"><br></div><div dir="ltr">Please fix it quickly.</div><div dir="ltr"><br></div><div dir="ltr">Amiad</div><div dir="ltr">AppSec Labs</div>
</div>
</blockquote></div><br></div>