Closed Bug 434554 Opened 17 years ago Closed 17 years ago

XSS vulnerability in SUMO login

Categories: support.mozilla.org :: General, defect
Priority: Not set
Severity: major
Tracking: (Not tracked)
Status: VERIFIED FIXED
People: Reporter: bsterne, Assigned: laura
References: ()
Details: Keywords: wsec-xss, Whiteboard: tiki_test
Attachments: (1 file)

The SUMO login form unsafely uses the "user" URL parameter to populate the username field. It could be used for XSS or website defacement. Example attack URL: http://support.mozilla.com/tiki-login_scr.php?user=<a+href="javascript:alert(document.cookie)">Click+Me</a>
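An added example, not SUMO or TikiWiki code, of the sink class this report describes: a login form that copies the "user" query parameter straight into the page, beside the same form with the value HTML-escaped. The attack URL is the one from the report; the form markup, the function names and the use of `html.escape` are assumptions (the real SUMO markup and the patch in attachment 330969 are not shown on this page). The verification comment later on the page shows the parameter rendered as literal text rather than markup, which is the effect escaping has here; that output also shows "javascript" and "alert" broken up with `<x>`, an extra mangling step this example does not reproduce.

```python
# Added example (hypothetical; not the SUMO/Tiki code or its fix).
from html import escape
from urllib.parse import urlparse, parse_qs
import re

# The reporter's attack URL, copied from the bug report (the only real value here).
ATTACK_URL = ('http://support.mozilla.com/tiki-login_scr.php'
              '?user=<a+href="javascript:alert(document.cookie)">Click+Me</a>')

# Hypothetical login form markup; the parameter is meant to pre-fill the username field.
FORM = ('<form method="post" action="tiki-login.php">'
        'Username: <input type="text" name="user" value="{user}">'
        ' Password: <input type="password" name="pass">'
        '</form>')

# Matches an anchor whose href starts with javascript:, the payload's effect once it is
# interpreted as markup.
JS_ANCHOR = re.compile(r'<a\s+href\s*=\s*["\']?javascript:', re.IGNORECASE)


def user_param(url):
    """Return the 'user' query parameter as PHP's $_REQUEST['user'] would see it
    (percent-decoded, '+' turned into a space), or '' if it is absent."""
    qs = parse_qs(urlparse(url).query, keep_blank_values=True)
    return qs.get('user', [''])[0]


def render_login_vulnerable(user):
    """Pre-fix behaviour as described in the report: the raw parameter lands in the
    response. The payload's own double quote closes value="..." early, so the rest of
    it is parsed as markup; an unquoted or text-context sink would need no quote at all."""
    return FORM.format(user=user)


def render_login_fixed(user):
    """Same form with the value escaped for an HTML attribute context. quote=True also
    turns double quotes into &quot;, so nothing in the parameter can close the attribute
    or open a tag; the browser shows the payload as the literal username text."""
    return FORM.format(user=escape(user, quote=True))


def reflects_active_markup(html):
    """Check used below: does the response contain a live javascript: anchor?"""
    return JS_ANCHOR.search(html) is not None


if __name__ == '__main__':
    payload = user_param(ATTACK_URL)
    print('vulnerable reflects script anchor:',
          reflects_active_markup(render_login_vulnerable(payload)))
    print('fixed reflects script anchor:',
          reflects_active_markup(render_login_fixed(payload)))
```

The check is deliberately narrow: it looks only for the reporter's payload shape. The general fix is the escaping in `render_login_fixed`, applied at output time for the context the value lands in (attribute here); input-side stripping of `javascript:` alone does not prevent a quote or angle bracket from changing the markup.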
Target Milestone: --- → 0.6.1
Assignee: nobody → laura
It's been over two months. What's the status of fixing this? XSS vulns can be just as bad as any other type of vuln.
It's targeted to the 0.6.1 milestone, so next week.
Attachment #330969 - Flags: review+
In trunk r17338, production branch r17342. Thanks Jacob.
Status: NEW → RESOLVED
Closed: 17 years ago
Keywords: push-needed
Resolution: --- → FIXED
Group: webtools-security → websites-security
Group: websites-security
Verified FIXED; I now get: "Log in Username: <a href="ja<x>vascript:al<x>ert(document.cookie)">Click Me</a> Password:"
Status: RESOLVED → VERIFIED
Keywords: push-needed
Whiteboard: tiki_triage
Whiteboard: tiki_triage → tiki_test
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security