Closed
Bug 1758433
Opened 4 years ago
Closed 4 years ago
XSS vulnerability in captive portal detector
Categories
(Firefox :: Untriaged, enhancement)
VERIFIED
INVALID
People
(Reporter: minkhantzaw.personal, Unassigned)
Details
Attachments
(1 file)
464 bytes, text/plain
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0
Steps to reproduce:
The Ruckus guest portal redirected to http://detectportal.firefox.com/canonical.html, and some parameters are required. Input a script tag in the key parameter to pop up with the alert() function.
Actual results:
Escaped from the script tag which requests the user's input and injected some HTML tag, which leads to an XSS vulnerability, and it worked.
Expected results:
The parameter in the script tag which requests the user's input should filter some characters to avoid the XSS vulnerability.
Reporter
Updated•4 years ago
Flags: needinfo?(minkhantzaw.personal)

Reporter
Updated•4 years ago
Flags: needinfo?(minkhantzaw.personal)

Reporter
Updated•4 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → INVALID

Reporter
Updated•4 years ago
Status: RESOLVED → VERIFIED

Updated•3 years ago
Attachment #9266812 -
Attachment mime type: text/markdown → text/plain

Updated•3 years ago
Group: firefox-core-security