Stored XSS Vulnerability

Hi @francoisjacquet

I believe to have found a Stored XSS Vulnerability in RosarioSIS. I decided not to go into any specifics here (yet). I would appreciate it if you could get back to me with your preferred way of talking about this, because I couldn't find any information on how to talk about security related issues.

For completeness' sake:

The RosarioSIS version is the latest one (commit 6549919d)
PHP version: 7.2.13
PostgreSQL version: 10.6
Server: Apache 2.4.29 (Ubuntu)
Browser: Mozilla Firefox 64.0 (Ubuntu)

Regards

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information