Closed
Bug 452715
Opened 16 years ago
Closed 16 years ago
XSS at developer.mozilla.org Special:Tags
Categories
(developer.mozilla.org Graveyard :: User management, task)
developer.mozilla.org Graveyard
User management
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dveditz, Unassigned)
References
()
Details
(Keywords: wsec-xss)
Report on XSSed.com from "pRaLe" http://www.xssed.com/mirror/49004/ Xss problem on the Special:Tags search page http://developer.mozilla.org/Special:Tags?tag=%22/%3E%3Cscript%3Ealert(String.fromCharCode(88,%2083,%2083))%3C/script%3E or http://developer.mozilla.org/Special:Tags?tag="/><script>alert(String.fromCharCode(88,%2083,%2083))</script> We need to check other pages, too. If this is a problem in Deki Wiki generically we should inform the upstream
Comment 1•16 years ago
|
||
I've forwarded this issue to MindTouch.
Reporter | ||
Comment 2•16 years ago
|
||
It's been a couple of week -- can we please shut this hole on our own site without waiting for MindTouch to fix it? That's what open source is about, right?
Comment 3•16 years ago
|
||
I believe this is fixed in the update we'll be installing on Thursday night.
Comment 4•16 years ago
|
||
But I'll check to be sure.
Comment 5•16 years ago
|
||
Eric - if they have not fixed it let us know and we'll do it.
Comment 6•16 years ago
|
||
Yes, will do.
Comment 7•16 years ago
|
||
This will be in the stable branch tomorrow, so we can pick it up when we do the update to 8.08.
Reporter | ||
Updated•16 years ago
|
Group: websites-security
Assignee | ||
Updated•12 years ago
|
Component: Administration → User management
Comment 9•11 years ago
|
||
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Updated•4 years ago
|
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•