User-Agent: Mozilla/5.0 (Windows NT 5.2; rv:2.0) Gecko/20100101 Firefox/4.0
Build Identifier:

A Cross-Site Scripting (XSS) vulnerability has been discovered in developer.mozilla.org, which can be exploited by malicious users to conduct Cross-Site Scripting (XSS) attacks.

Input passed via the "pageId" parameter to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Tested on Firefox 4.0. FYI.

Below is the PoC:

Cross-Site Scripting (XSS):
===========================
https://developer.mozilla.org/index.php?title=Special:Tags&pageId=1279'"--></style></script><script>alert(document.cookie)</script>

Reproducible: Always
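The report above attributes the issue to the "pageId" value being returned to the user without sanitisation. As an added example (not from the report and not the site's own code), the PHP below shows one way a handler could treat that parameter: allow-list it as digits before use and HTML-encode anything that is echoed. The function names and the markup are hypothetical.

```php
<?php
// Added example: hypothetical handler logic, not the site's actual code.

/**
 * Allow-list validation: a page id is a short run of ASCII digits.
 * Returns the integer, or null when the value is anything else.
 */
function parse_page_id(string $raw): ?int
{
    if ($raw === '' || strlen($raw) > 9 || !ctype_digit($raw)) {
        return null;
    }
    return (int) $raw;
}

/** Encode a value for HTML element content or a quoted attribute. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the fragment that echoes the parameter back (hypothetical markup). */
function render_tags_link(string $rawPageId): string
{
    $pageId = parse_page_id($rawPageId);
    if ($pageId === null) {
        // Reject instead of reflecting; the raw value never reaches the page.
        return '<p class="error">Invalid page id.</p>';
    }
    $href = 'index.php?title=Special:Tags&pageId=' . $pageId;
    return '<a href="' . html_escape($href) . '">Tags for page ' . $pageId . '</a>';
}

// Constructed inputs: a normal id and the pageId value from the report above.
$samples = [
    '1279',
    '1279\'"--></style></script><script>alert(document.cookie)</script>',
];
foreach ($samples as $raw) {
    echo render_tags_link($raw), PHP_EOL;
    // What encoding alone emits when the raw value has to be shown as text:
    echo html_escape($raw), PHP_EOL;
}
```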
I think this is a dupe
(In reply to comment #1)
> I think this is a dupe

Hi Wil Clouser,
Have you tested the PoC on your machine? I have tested and it worked on my Firefox 4.0.

Please let me know if you require any further information or enquiries.
(In reply to comment #2)
> (In reply to comment #1)
> > I think this is a dupe
>
> Hi Wil Clouser,
> Have you tested the PoC on your machine? I have tested and it worked on my
> Firefox 4.0.
>
> Please let me know if you require any further information or enquiries.

Also, I have searched thru the reported bug and I couldn't find any duplicates.
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.