Bug 1339039 - Stored XSS - https://thimble.mozilla.org
Status: Closed, RESOLVED INVALID
Opened 7 years ago; Closed 7 years ago
Categories: Websites :: Other, defect
Tracking: Not tracked
People: Reporter: engg_adeel.imtiaz, Unassigned
References: none
Details: Keywords: wsec-xss; Whiteboard: [reporter-external] [web-bounty-form]
Description
I injected a malicious script into the Project Name, i.e. "><img src=x onerror=prompt('ProjectName');>, and found that it is vulnerable to a stored XSS vulnerability via the Project Name input field. For your reference, PoC link: https://thimbleprojects.org/adeelimtiaz90/205667/
Flags: sec-bounty?
Nice find! Thanks Adeel! Stored XSS is usually sec-critical, but I consider it running on the separate thimbleprojects.org usercontent domain instead of a mozilla.org subdomain a mitigating circumstance and gave this sec-high. Happy to upgrade the severity if you have a way to execute JS on a mozilla.org subdomain.
Comment 2•7 years ago
We have domains like this for BMO (bmoattachments), MDN (mozillausercontent), etc.; they're not considered vulnerabilities unless it's on the parent domain (*.mozilla.org) -- they're actually intended for people to serve JavaScript from, so this is actually working as intended.
Updated•7 years ago
Group: websites-security
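The two points the thread turns on are (a) the reported input is placed into HTML without output encoding, and (b) the page it lands on is served from the separate thimbleprojects.org usercontent origin rather than a mozilla.org subdomain, which is why the triage treats it as working as intended. The following is an added example, not Thimble's code and not part of this bug, that shows both defender-side checks: an HTML encoder applied to a project name before it is rendered, and an origin comparison that makes the usercontent/parent-domain distinction from comment 2 explicit. The function names, the rendered markup shape and the parent-domain rule are assumptions made for the illustration; the only input taken from the page is the PoC payload.

```javascript
// Added example (not Thimble's or Mozilla's code). Assumed names:
// escapeHtml, renderProjectTitle, sharesPrivilegedOrigin, isOnParentDomain.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the five characters that change meaning in HTML text nodes and in
// quoted attribute values. Encoding is context-specific: this covers those
// two contexts only, not URLs, JavaScript strings or unquoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a project title with the name encoded before concatenation, so a
// name that begins with `">` cannot close the attribute and start a tag.
// (Assumed markup shape; the real Thimble template is not on the page.)
function renderProjectTitle(projectName) {
  const safe = escapeHtml(projectName);
  return `<a class="project" title="${safe}">${safe}</a>`;
}

// Compare origins (scheme + host + port). Script on one page only reaches the
// DOM, cookies and storage of another when their origins are identical, so
// an injection on a separate usercontent host does not reach the app origin.
function sharesPrivilegedOrigin(pageUrl, appUrl) {
  return new URL(pageUrl).origin === new URL(appUrl).origin;
}

// Whether a page host is the privileged parent domain or one of its
// subdomains: the line comment 2 draws for treating XSS as a vulnerability.
// The suffix check includes the leading dot so "evilmozilla.org" does not match.
function isOnParentDomain(pageUrl, parentDomain) {
  const host = new URL(pageUrl).hostname;
  return host === parentDomain || host.endsWith('.' + parentDomain);
}

// Constructed sample input: the payload quoted in the report.
const POC_NAME = `"><img src=x onerror=prompt('ProjectName');>`;
const POC_URL = 'https://thimbleprojects.org/adeelimtiaz90/205667/';
const APP_URL = 'https://thimble.mozilla.org/';

console.log(renderProjectTitle(POC_NAME));
console.log('shares app origin:', sharesPrivilegedOrigin(POC_URL, APP_URL));
console.log('on *.mozilla.org:', isOnParentDomain(POC_URL, 'mozilla.org'));
```

Run with `node` (the `URL` global is built in). The rendered title contains no `<img` tag, and both origin checks return false for the PoC URL, which is the mitigating circumstance comment 1 describes; the same checks return true for a page on thimble.mozilla.org, which is the case comment 1 says would justify a higher severity.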