Closed
Bug 438634
Opened 16 years ago
Closed 16 years ago
XSS vulnerability in MDC tag search
Categories
(developer.mozilla.org Graveyard :: General, defect)
developer.mozilla.org Graveyard
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: bsterne, Unassigned)
References
()
Details
(Keywords: wsec-xss)
The tag parameter is not filtered properly and is vulnerable to XSS. Recommend using htmlentities() to prevent script and HTML injection.
Updated•16 years ago
|
Group: security → websites-security
Comment 1•16 years ago
|
||
I've forwarded this issue to MindTouch.
Comment 2•16 years ago
|
||
MindTouch has fixed this issue; the next time we pull from them, we'll get this fix.
Updated•16 years ago
|
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•12 years ago
|
Component: Deki Infrastructure → Other
Comment 3•11 years ago
|
||
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Comment 4•9 years ago
|
||
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security
Updated•4 years ago
|
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•