Status

RESOLVED INVALID
2 years ago
2 years ago

People

(Reporter: dvs.cissp, Unassigned)

Tracking

unspecified
Bug Flags:
sec-bounty -

Details

(Whiteboard: [reporter-external] [web-bounty-form] [verif?])

Attachments

(1 attachment)

826.58 KB, image/png
Details
(Reporter)

Description

2 years ago
Steps: 

1. Create a simple HTML file with my XSS payload:
<p>Drag me!</p> <script> document.addEventListener("dragstart", function(event) {     event.dataTransfer.setData("text/plain", "javascript:prompt(document.domain)"); }); </script>
2. Go to: *.mozilla.org
3. Drag and drop into the drawing module, and the XSS is there :)
Flags: sec-bounty?
(Reporter)

Comment 1

2 years ago
Created attachment 8786562 [details]
POC
(Reporter)

Comment 2

2 years ago
I test on Google Chrome 52.0.2743.116 m (64-bit)/ Windows 10 64bit
Self-xss is does not qualify, this isn't a security flaw.
Group: websites-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INVALID
Flags: sec-bounty? → sec-bounty-
You need to log in before you can comment on or make changes to this bug.