XSS vulnerability through various form elements.
There was almost no user input sanitisation on various forms across the site including the event search result pages and password reset pages. There were parameters made available through the URL so malicious links could easily be generated to steal the bt.com domain cookies.
Reported Fixed Unknown
Back