Please turn on javascript in your browser to play chess.
Developers Forum

Developers Forum

  1. Standard member Rusy1950
    17 Feb '16 17:31
    I discovered a XSS vulnerability in your blitz chess microsite. However this vulnerability has now been patched so I think this thread is too late. Using XHR to "/mysettings/myaccountsettings.php" can get an opponent's email.