Possible injection-style hack attempt spotted in review name titles: http://i.imgur.com/DbXye2O.png Nothing that looks terribly severe, but there could be more in other fields. Taken from: https://marketplace.firefox.com/app/etsy
They were hitting Verbatim over the weekend with Netsparker - this could be the same folks. I'm undoing the security flag on the bug as I don't think there is a security hole here, but I'll leave the bug open because we should look at the extent (if they have 1000 reviews, let's delete 'em) and also revisit our limit on reviews-per-hour -- I'm not even sure what it is.
The review was over a month old and that account (at least) was only used for a few reviews. I don't run any user reports and the search function doesn't (easily) show all possible accounts with similar names, but sticking random bits of HTML in names does appear to be quite common though - https://marketplace.firefox.com/lookup/user/4612488/summary :)
The XSS was correctly caught and handled. Reviews can be moderated and handled. I don't think there's anything to do here apart from clean these out.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → INVALID