XSS Protection on Developer Portal
During *********** testing, it was found that certain screens in the developer portal are vulnerable to XSS.
E.g. in IE, Firefox or Edge, if you browse to the change user details page from the profile screen, you can enter:
bob"onfocus="alert(1)"autofocus="@example.com for an email,
Bob"onfocus="alert(2) as the first name,
the Builder"onfocus="alert(3) as the last name.
After you press Update profile, while the information isn't sent to the DB, the popups occur when you click on any of the fields.
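
The following is an added example, not part of the original report and not the portal's code. It assumes the profile form writes the submitted values back into double-quoted value attributes, and shows why the three inputs above turn into extra attributes and how attribute encoding stops that. All function and field names are hypothetical.

```javascript
// Added example: hypothetical rendering helpers, not the developer portal's code.
// The three inputs are the ones quoted in the report above.
const REPORTED_INPUTS = {
  email: 'bob"onfocus="alert(1)"autofocus="@example.com',
  firstName: 'Bob"onfocus="alert(2)',
  lastName: 'the Builder"onfocus="alert(3)'
};

// Assumed vulnerable pattern: the value is concatenated straight into a
// double-quoted attribute, so a '"' in the input ends the attribute early.
function renderInputUnsafe(field, value) {
  return '<input name="' + field + '" value="' + value + '">';
}

// Encode every character that can close an attribute value or start markup.
function encodeAttr(value) {
  return String(value).replace(/[&<>"'`=]/g, function (ch) {
    return '&#' + ch.charCodeAt(0) + ';';
  });
}

function renderInputSafe(field, value) {
  return '<input name="' + encodeAttr(field) + '" value="' + encodeAttr(value) + '">';
}

// Small scanner for the single tags built above: lists the attribute names
// an HTML parser would see, so injected attributes become visible.
function attributeNames(tag) {
  const inner = tag.replace(/^<\w+/, '').replace(/>$/, '');
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Attributes other than the two the template is meant to emit.
function unexpectedAttributes(tag) {
  return attributeNames(tag).filter(function (n) {
    return n !== 'name' && n !== 'value';
  });
}

for (const field of Object.keys(REPORTED_INPUTS)) {
  const value = REPORTED_INPUTS[field];
  console.log(field, 'unsafe:', unexpectedAttributes(renderInputUnsafe(field, value)),
    'encoded:', unexpectedAttributes(renderInputSafe(field, value)));
}
```

The same scanner can be used in a regression test for the profile templates: any attribute beyond the expected set in the rendered field means a value reached the page unencoded.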