TestSprite Account Email
Proof of Usage
Environment
- Browser: Chrome 131
- OS: macOS (via headless automation)
- Device: Desktop
- Test Duration: ~30 minutes
- Tests Run: Backend API (10 test cases) + Frontend Website (10 test cases)
Bug #1: XSS in Workspace Name (Stored XSS)
Category: Security Concern
Severity: Critical
Steps to Reproduce
- Sign in to TestSprite dashboard
- Click on workspace name dropdown (top-left)
- Enter `<script>alert('xss')</script>` as workspace name
- Save changes
- Navigate to any page
Expected vs Actual Behavior
- Expected: Input should be sanitized, script tags stripped or escaped
- Actual: Script tag is stored and renders in the DOM. While `alert()` may be blocked by CSP, the payload is stored and could be escalated with different vectors
Screenshot
Environment
- Chrome 131, macOS
- Severity: Critical (Stored XSS allows session hijacking, data theft)
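The expected behavior for Bug #1 (escape on output, reject on save) can be sketched as follows. This is an added example, not TestSprite's code: the function names, the markup and the 64-character allow-list policy are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not TestSprite's own code.

// Characters that change meaning in HTML text and quoted-attribute contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the stored name is concatenated into markup unmodified,
// so any tags it contains become part of the page.
function renderWorkspaceUnsafe(name) {
  return '<span class="workspace-name" title="' + name + '">' + name + '</span>';
}

// After: encode at output time, for both the attribute value and the text node.
function renderWorkspaceSafe(name) {
  const safe = escapeHtml(name);
  return '<span class="workspace-name" title="' + safe + '">' + safe + '</span>';
}

// Save-time check (assumed policy): 1-64 characters; letters, digits, space, _ . -
// This is defense in depth; output encoding above is still required.
function validateWorkspaceName(name) {
  if (typeof name !== 'string') return { ok: false, reason: 'not a string' };
  const trimmed = name.normalize('NFKC').trim();
  if (trimmed.length < 1 || trimmed.length > 64) return { ok: false, reason: 'length' };
  if (!/^[\p{L}\p{N} _.-]+$/u.test(trimmed)) return { ok: false, reason: 'characters' };
  return { ok: true, value: trimmed };
}

// Constructed sample input: the name from the reproduction steps, plus a benign one.
const reported = "<script>alert('xss')</script>";
console.log(renderWorkspaceUnsafe(reported)); // markup still contains the script element
console.log(renderWorkspaceSafe(reported));   // markup contains only escaped text
console.log(validateWorkspaceName(reported), validateWorkspaceName('QA Team-1'));
```
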
Bug #2: API Test Returns 404 for Valid Endpoint
Category: Functional Bug
Severity: High
Steps to Reproduce
- Create new test suite → Select "Live Web App"
- Enter API name: "TestSprite API"
- Enter URL: https://api.testsprite.com
- Run backend tests
- Observe "Valid POST Request" test
Expected vs Actual Behavior
- Expected: API should return 200 status or appropriate response
- Actual: Returns 404 Not Found for all API endpoints tested
Screenshot
Environment
- Chrome 131, macOS
- Severity: High (API endpoints are non-functional)
Bug #3: Credit Deduction Without Clear Warning
Category: Usability Issue
Severity: Medium
Steps to Reproduce
- Start with 150 credits
- Create backend test (10 test cases)
- Create frontend test (10 test cases)
- Observe credit balance
Expected vs Actual Behavior
- Expected: Clear warning before test execution showing exact credit cost
- Actual: Credits deducted silently (150 → 140 → 120) without explicit confirmation
Screenshot
Environment
- Chrome 131, macOS
- Severity: Medium (Users may unknowingly exhaust credits)
Bug #4: Frontend Test Timeout Without Feedback
Category: Functional Bug
Severity: Medium
Steps to Reproduce
- Create frontend test for https://www.testsprite.com
- Wait for test execution
- Observe test progress
Expected vs Actual Behavior
- Expected: Test should complete within reasonable time with progress updates
- Actual: Test hangs in "In Progress" state for over 2 minutes without completing
Screenshot
Environment
- Chrome 131, macOS
- Severity: Medium (Blocks test completion, wastes time)
Bug #5: Test Plan Generation Progress Bar Inconsistency
Category: Visual/UI Bug
Severity: Low
Steps to Reproduce
- Create new test suite
- Enter API details
- Observe "Generating Test Plan" progress
Expected vs Actual Behavior
- Expected: Progress bar should smoothly increment from 0% to 100%
- Actual: Progress jumps erratically (6% → 11% → 23% → 30%)
Screenshot
Environment
- Chrome 131, macOS
- Severity: Low (Cosmetic issue)
Bug #6: Mobile Navigation Overlap
Category: Visual/UI Bug
Severity: Medium
Steps to Reproduce
- Resize browser to mobile width (375px)
- Navigate to dashboard
- Observe sidebar and content layout
Expected vs Actual Behavior
- Expected: Sidebar should collapse to hamburger menu
- Actual: Sidebar overlaps main content area
Screenshot
Environment
- Chrome 131, macOS (responsive mode)
- Severity: Medium (Affects mobile usability)
Bug #7: Inconsistent Error Messages
Category: Usability Issue
Severity: Low
Steps to Reproduce
- Enter invalid API endpoint
- Try to proceed to next step
- Observe error message
Expected vs Actual Behavior
- Expected: Clear error message: "Please enter a valid URL"
- Actual: Generic error "Invalid input" without specific guidance
Screenshot
Environment
- Chrome 131, macOS
- Severity: Low (Usability friction)
Summary
| Bug | Category | Severity |
|---|---|---|
| #1 | Security (XSS) | Critical |
| #2 | Functional | High |
| #3 | Usability | Medium |
| #4 | Functional | Medium |
| #5 | Visual/UI | Low |
| #6 | Visual/UI | Medium |
| #7 | Usability | Low |
Total: 7 unique bugs found in ~30 minutes
Credits Used: 30 (from 150 to 120)






