Closed
Bug 505337
Opened 15 years ago
Closed 15 years ago
XSS vuln in 'matchuser' parameter on Special:ListUsers page
Categories
(developer.mozilla.org Graveyard :: General, defect)
developer.mozilla.org Graveyard
General
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: reed, Assigned: royk)
References
()
Details
(Keywords: wsec-xss)
Attachments
(1 file)
1.02 KB,
patch
|
Details | Diff | Splinter Review |
Found by hyperscan https://developer.mozilla.org/Special:ListUsers?matchuser=<script>alert("XSS");</script> <div class="errormsg systemmsg" id="sessionMsg"><div class="inner"><ul><li>User <script>alert("XSS");</script> could not be found.</li></ul></div></div> </div>
Reporter | ||
Comment 1•15 years ago
|
||
Filed upstream as http://bugs.developer.mindtouch.com/view.php?id=6834.
Reporter | ||
Comment 2•15 years ago
|
||
Reporter | ||
Comment 3•15 years ago
|
||
Patch resolved the issue.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Reporter | ||
Updated•15 years ago
|
Assignee: nobody → royk
Updated•12 years ago
|
Component: Deki Infrastructure → Other
Comment 5•11 years ago
|
||
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Comment 6•8 years ago
|
||
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security
Updated•4 years ago
|
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•