Report on XSSed.com from "pRaLe" http://www.xssed.com/mirror/49004/ Xss problem on the Special:Tags search page http://developer.mozilla.org/Special:Tags?tag=%22/%3E%3Cscript%3Ealert(String.fromCharCode(88,%2083,%2083))%3C/script%3E or http://developer.mozilla.org/Special:Tags?tag="/><script>alert(String.fromCharCode(88,%2083,%2083))</script> We need to check other pages, too. If this is a problem in Deki Wiki generically we should inform the upstream
I've forwarded this issue to MindTouch.
It's been a couple of week -- can we please shut this hole on our own site without waiting for MindTouch to fix it? That's what open source is about, right?
I believe this is fixed in the update we'll be installing on Thursday night.
But I'll check to be sure.
Eric - if they have not fixed it let us know and we'll do it.
Yes, will do.
This will be in the stable branch tomorrow, so we can pick it up when we do the update to 8.08.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Component: Administration → User management
Product: Mozilla Developer Network → Mozilla Developer Network
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
You need to log in before you can comment on or make changes to this bug.