XSS vulnerability in MDC login page (POST only)

RESOLVED FIXED

Status

RESOLVED FIXED
11 years ago
3 years ago

People

(Reporter: bsterne, Unassigned)

Tracking

({wsec-xss})

Details

(URL)

(Reporter)

Description

11 years ago
POSTing the string:
foobar" onclick="alert(123);

in the username field results in the following HTML in the response:
<input name="name" id="nameid" tabindex="2" value="foobar" onclick="alert(123);" type="text">

Recommend using htmlentities to encode quotes, brackets, etc. in the output.
(Reporter)

Comment 1

11 years ago
On the registration page:
http://devmo.dekiwiki.mozilla.org/index.php?title=Special:Userlogin&register=true

the email parameter is also vulnerable.  Sample attack string:
test@foo.com" onclick="alert(123);
Fixed.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Component: Deki Infrastructure → Other
Product: Mozilla Developer Network → Mozilla Developer Network
Adding keywords to bugs for metrics, no action required.  Sorry about bugmail spam.
Keywords: wsec-xss
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security
You need to log in before you can comment on or make changes to this bug.