Status: RESOLVED INVALID
Websites :: Other
Reporter: Adeel Imtiaz (Unassigned)
Keywords: wsec-xss
Bug Flags: sec-bounty -
Whiteboard: [reporter-external] [web-bounty-form]

Description (Reporter, a year ago)
I injected a malicious script into the Project Name, i.e. "><img src=x onerror=prompt('ProjectName');> , and found that it is vulnerable to stored XSS via the Project Name input field.

For your reference, PoC Link:
https://thimbleprojects.org/adeelimtiaz90/205667/
Flags: sec-bounty?

Comment 1

a year ago
Nice find! Thanks Adeel!

Stored XSS is usually sec-critical, but I consider it running on the separate thimbleprojects.org usercontent domain instead of a mozilla.org subdomain a mitigating circumstance and gave this sec-high. Happy to upgrade the severity if you have a way to execute JS on a mozilla.org subdomain.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: sec-high, wsec-xss
Whiteboard: [reporter-external] [web-bounty-form] [verif?] → [reporter-external] [web-bounty-form]

We have domains like this for BMO (bmoattachments), MDN (mozillausercontent), etc.; they're not considered vulnerabilities unless it's on the parent domain (*.mozilla.org) -- they're actually intended for people to serve JavaScript from, so this is actually working as intended.
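The two points in this thread, the attribute break-out in the report and the parent-domain rule used for triage, as an added example that is not Thimble's or Mozilla's code. The names `escapeHtml`, `renderProjectTitle`, `renderProjectTitleUnsafe`, `containsInjectedTag`, `isOnParentDomain` and `PAYLOAD` are assumed for illustration.

```javascript
// Added example, not code from the bug or from Thimble. It contrasts raw
// interpolation of a project name with context-aware escaping, using the
// exact payload from the report, and encodes the triage rule from the thread.
const PAYLOAD = `"><img src=x onerror=prompt('ProjectName');>`; // from the report

// Escape the characters that matter in HTML text and quoted-attribute contexts.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable: the name lands in an attribute and a text node unescaped, so the
// leading `">` closes the attribute and the tag and the <img> becomes markup.
function renderProjectTitleUnsafe(name) {
  return `<h1 title="${name}">${name}</h1>`;
}

// Hardened: every interpolation goes through escapeHtml first.
function renderProjectTitle(name) {
  const safe = escapeHtml(name);
  return `<h1 title="${safe}">${safe}</h1>`;
}

// Illustrative check only: does the rendered markup contain any element tag
// other than the template's own <h1>? (Not a substitute for a real parser.)
function containsInjectedTag(html) {
  const tags = html.match(/<\/?([a-z][a-z0-9]*)/gi) || [];
  return tags.some((t) => !/^<\/?h1$/i.test(t));
}

// Triage rule from the thread: script execution only counts as a vulnerability
// on the parent domain (*.mozilla.org), not on a separate usercontent domain.
function isOnParentDomain(hostname) {
  const host = String(hostname).toLowerCase();
  return host === 'mozilla.org' || host.endsWith('.mozilla.org');
}
```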

Updated

a year ago
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → INVALID
Flags: sec-bounty? → sec-bounty-
Keywords: sec-high
Group: websites-security