Search - "stored xss"
A stored XSS vuln in a banner-like component, visible in ALL the pages in the portal. Anyone can attack anyone.
HOWEVER this was not discovered by 3rd-party security specialists during the latest security audit. I escalated this to my manager and was told that I should not do anything about it unless the client actively requests it to be fixed.
FFS.. it's only 2 lines of code.. And there's nothing I can do about it.
Eventually I was transferred to another project. Now it's not my problem anymore.
- why did you enter test data text value with this <script> html? Don't do that. Use normal text
This is something I've never expected to hear from a php/react dev.... I'm truly disappointed. I really am.
On top of that he refused to follow my recommendations to google: "xss". Another teammate had to google for him and drop a link.
Just when I was about to like working with this guy.... :(