Closed Bug 715042 Opened 13 years ago Closed 13 years ago

Xss Vulnerability on Https://www.Wiki.Mozilla.org

Categories

(Websites :: wiki.mozilla.org, defect)

Product:
Websites
Component:
wiki.mozilla.org
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 714540

People

(Reporter: belminv, Unassigned)

Details

(Whiteboard: [infrasec:xss][ws:high]) 

Hello this is Belmin Vehabovic

I found a Non-persistent Vulnerability on Wiki.Mozilla.org

https://wiki.mozilla.org/Special:Search?search=<script>alert("Xss By Belmin Vehabovic");</script>&x=18&y=9
Thank you for reporting this issue to us. We'll investigate the issue and 
provide feedback within the bug. No additional action is needed from you 
at this time. If you have questions or additional information please add 
that info to the bug.

Thanks,
mgoodwin
Status: UNCONFIRMED → NEW
Ever confirmed: true
Issue:
Reflected XSS in wiki.mozilla.org via search.

Steps to reproduce:
Comment #0 has a perfect explanation

Remediation:
Ensure all untrusted data (in this case, user input) is correctly encoded in the resulting HTML.  See https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Preventing_XSS for more information.
Whiteboard: [infrasec:xss][ws:high]
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Group: websites-security
You need to log in before you can comment on or make changes to this bug.