Closed
Bug 463069
(WH-1628756)
Opened 17 years ago
Closed 17 years ago
XSS vulns on tiki-browse_categories.php
Categories
(support.mozilla.org :: Knowledge Base Software, task)
support.mozilla.org
Knowledge Base Software
Tracking
(Not tracked)
VERIFIED
FIXED
0.7.2
People
(Reporter: reed, Assigned: laura)
References
()
Details
(Keywords: wsec-xss, Whiteboard: tiki_bug, tiki_upstreamed)
Attachments
(1 file)
|
3.58 KB,
patch
|
nkoth
:
review+
|
Details | Diff | Splinter Review |
https://support.mozilla.com/tiki-browse_categories.php?find=%22%20STYLE=%22background-image:%20x(a:whs())&deep=off&type=&parentId=13&offset=930&sort_mode=name_asc
https://support.mozilla.com/tiki-browse_categories.php?find=&deep=off&type=&parentId=%22%20STYLE=%22background-image:%20x(a:whs())&offset=930&sort_mode=name_asc
|
Assignee | |
Updated•17 years ago
|
Assignee: nobody → laura
Target Milestone: --- → 0.7.2
|
|
Assignee | |
Comment 1•17 years ago
|
||
Sadly, the fix for the first three bugs doesn't fix this one.
|
Reporter | |
Updated•17 years ago
|
Group: websites-security
|
|
Reporter | |
Updated•17 years ago
|
Group: websites-security
|
|
Assignee | |
Comment 2•17 years ago
|
||
More to the point, the first one is fixed but the second one isn't. Not too hard to iron out I hope.
|
|
Assignee | |
Comment 3•17 years ago
|
||
Attachment #347382 -
Flags: review?(nelson)
|
|
||
Updated•17 years ago
|
Attachment #347382 -
Flags: review?(nelson) → review+
|
||
Comment 5•16 years ago
|
||
[1] https://support-stage.mozilla.org/tiki-browse_categories.php?find=%22%20STYLE=%22background-image:%20x%28a:whs%28%29%29&deep=off&type=&parentId=13&offset=930&sort_mode=name_asc:
"Error
An unexpected error has occurred!"
[2] https://support-stage.mozilla.org/tiki-browse_categories.php?find=&deep=off&type=&parentId=%22%20STYLE=%22background-image:%20x%28a:whs%28%29%29&offset=930&sort_mode=name_asc:
"Choose a category
Top ::
<<
<<"
I couldn't ever reproduce [1], but Laura mentions that in comment 2; [2] I could reproduce on production:
"Choose a category
admin category
Top ::
Set email notifications for this category: watch this category Currently off"
Verified FIXED
Status: RESOLVED → VERIFIED
|
|
||
Updated•16 years ago
|
Keywords: push-needed
|
|
||
Updated•16 years ago
|
Whiteboard: tiki_bug
|
|
||
Updated•16 years ago
|
Whiteboard: tiki_bug → tiki_bug, tiki_upstreamed
|
|
||
Comment 6•12 years ago
|
||
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
|
||
Comment 7•9 years ago
|
||
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security
You need to log in
before you can comment on or make changes to this bug.
Description
•