Closed
Bug 780049
Opened 12 years ago
Closed 6 years ago
Kuma: RSS - Attempted XSS can cause funky output in RSS feed
Categories
(developer.mozilla.org :: Security, defect, P3)
developer.mozilla.org
Security
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: sheppy, Unassigned)
Details
(Keywords: in-triage, wsec-xss)
Attempts at XSS (such as a title of "User:x002'>"><img src=x onerror=alert(1)>") can cause completely borked output in the RSS feed of changes.
|
||
Comment 1•12 years ago
|
||
Could be HTML in general.
|
|
||
Updated•12 years ago
|
Priority: -- → P2
|
Assignee | |
Updated•12 years ago
|
Version: Kuma → unspecified
|
|
Assignee | |
Updated•12 years ago
|
Component: Website → Landing pages
|
|
||
Updated•11 years ago
|
Component: Landing pages → Design / user experience
|
||
Comment 2•11 years ago
|
||
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
|
||
Updated•10 years ago
|
Component: Design / user experience → General
|
||
Comment 3•6 years ago
|
||
Is this still happening, sheppy?
Component: General → Security
Flags: needinfo?(eshepherd)
Priority: P2 → P3
|
|
||
Comment 4•6 years ago
|
||
Wontfix until someone comes up with a reasonable example.
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(eshepherd)
Keywords: in-triage
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•