2025-07-29 23:31:31
Bugcrowd
PUBLISHED
the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter