Closed Bug 438634 Opened 16 years ago Closed 16 years ago

XSS vulnerability in MDC tag search

Categories

(developer.mozilla.org Graveyard :: General, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: bsterne, Unassigned)

References

()

Details

(Keywords: wsec-xss)

The tag parameter is not filtered properly and is vulnerable to XSS. Recommend using htmlentities() to prevent script and HTML injection.
Group: security → websites-security
I've forwarded this issue to MindTouch.
MindTouch has fixed this issue; the next time we pull from them, we'll get this fix.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Component: Deki Infrastructure → Other
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.