Additional XSS attack not counted as a passed challenge #6
Description
You can do an XSS attack on the Login form that does not count for any
challenge result:
1. Go to http://localhost:18080/bodgeit/login.jsp
2. Provide Username user1@thebodgeitstore.com') --<script>alert("XSS")</script>
Original issue reported on code.google.com by bjoern.k...@gmx.de on 9 Aug 2013 at 8:08