Closed
Bug 1762436
Opened 3 years ago
Closed 3 years ago
Payload XSS (minor) to Crash Thread Questions
Categories
(Websites :: Other, task)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1762422
People
(Reporter: alisyarief.404, Unassigned)
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])
Payload XSS (minor) to Crash Thread Questions
- Log in to the website https://support.mozilla.org/
- Go to https://support.mozilla.org/en-US/questions/all
- Comment on Thread Questions with the payload below
<IMG SRC="jav ascript:alert('XSS');">
- After commenting on Thread Questions, the thread questions crash and alert:
An Error Occurred
Oh, no! It looks like an unexpected error occurred. We've already notified the site administrators. Please try again now, or in a few minutes.
- This is not a Denial-of-service attack or Rate Limit, because this payload impacts only users of support.mozilla.org
Impact:
This is dangerous!!! Because All Thread Question crashes and cannot Error Occurred, and users cannot access this thread.
Supporting Material/References:
Because the proof of concept video file is too big, I uploaded it to YouTube and the setting is not public:
Thanks
Flags: sec-bounty?
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Comment 2•3 years ago
This is the same underlying sanitization code as your bug 1762422. Denying the bounty request here for that reason; we are still investigating the issue in the other bug though.
Flags: sec-bounty? → sec-bounty-
Group: websites-security
Updated•10 months ago
Keywords: reporter-external