Cross Site Scripting Vulnerability in Inflectra.

While testing on website ,I found security vulnerability/bug on website https://www.inflectra.com/. This website provides Hall of Fame for Bug Hunters or security researchers to report the vulnerability.So i decided to test this website.By luck and my hard work I found 2 XSS vulnerability on this website.1st was Reflected XSS and another was Persistence XSS.

                                                 Vulnerability 1:

Vulnerability Type: Reflected XSS(Cross site scripting)

Vulnerable Link: http://www.inflectra.com/Support/External.aspx

Payload used: "/><img src=x onerror=alert(/XSS-Tested-By-Yogesh-Prasad/)>

Reproduction step:

1- Go to http://www.inflectra.com/Support/External.aspx2- In search box "First search box" use above given payload.

Press Enter and you will get the "popup box" generated by XSS.

Proof:

                                                          Vulnerability 2:

Vulnerability Type:Stored XSS(Cross site scripting)

Vulnerable Link 1: https://www.inflectra.com/Support/Account/Register.aspx

Vulnerable Link 2: https://www.inflectra.com/Support/Account/Default.aspx

Payload used: "/><img src=x onerror=alert(/XSS-Tested-By-Yogesh/)>

Reproduction step:

1- Go to https://www.inflectra.com/Support/Account/Register.aspx
2- In the First name and Last name boxes use above given payload.and in remaning field use rough details for test
3-Press Enter and your account will be created.
4- Now in "top right side"  you will get the option of profile shown with your username as shown in below picture.
Proof:

For reporting this vulnerability I got listed in their Hall Of Fame Page.
http://www.inflectra.com/Company/Responsible-Disclosure.aspx