Closed Bug 276988 Opened 20 years ago Closed 18 years ago

XSS vulnerability on mozcal.org

Categories

(mozilla.org :: Miscellaneous, task)

Product:
mozilla.org
Component:
Miscellaneous
Platform:
x86
Windows XP
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: mikx, Assigned: mostafah)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Build Identifier: 

http://www.mozcal.org/faq/index.php?
p=search&srcText=faq&submit=Go&cat_id=2&srcWhat="><script>alert(document.cookie)
</script>

Tested with Internet Explorer 6 using WinXP SP2




Reproducible: Always
For the record, this site is neither owned nor operated by the Mozilla
Foundation...  There's no information on the site to indicate who does own it,
though, and the whois information is using one of those ID protection services.
 Hopefully someone on the Calendar team is familiar with it and will know who to
contact though.
Component: General → Miscellaneous
Product: Calendar → mozilla.org
Version: unspecified → other
Group: security → webtools-security
I've contacted the contributor who provides mozcal.org and meanwhile I have
disabled the link to it.
->invalid
wasn't our site, and appears entirely down now
Group: webtools-security
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.