Cross-Site Scripting (XSS) Vulnerability Found on developer.mozilla.org

RESOLVED DUPLICATE of bug 622996

Status

Mozilla Developer Network
Wiki pages
--
critical
RESOLVED DUPLICATE of bug 622996
7 years ago
2 years ago

People

(Reporter: Sow Ching Shiong, Unassigned)

(Reporter)

Description

7 years ago
User-Agent:       Mozilla/5.0 (Windows NT 5.2; rv:2.0) Gecko/20100101 Firefox/4.0
Build Identifier: 

A Cross-Site Scripting (XSS) vulnerability has been discovered in developer.mozilla.org, which can be exploited by malicious users to conduct Cross-Site Scripting (XSS) attacks.

Input passed via the "pageId" parameter to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Tested on Firefox 4.0.

FYI. Below is the PoC:

Cross-Site Scripting (XSS):
===========================
https://developer.mozilla.org/index.php?title=Special:Tags&pageId=1279'"--></style></script><script>alert(document.cookie)</script>

Reproducible: Always
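
The reflection described in the report and one way to close it, as an added sketch that is not part of the bug report and is not the site's code. The response markup and the names TEMPLATE, get_param, render_vulnerable and render_hardened are assumptions; only the URL comes from the report, and Python is used so the sketch runs stand-alone.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# PoC URL exactly as given in the report.
POC_URL = ("https://developer.mozilla.org/index.php?title=Special:Tags"
           "&pageId=1279'\"--></style></script>"
           "<script>alert(document.cookie)</script>")

# Hypothetical response fragment; the site's real markup is not in the report.
TEMPLATE = '<h1>{title}</h1><a href="/index.php?pageId={page_id}">page {page_id}</a>'

# ASCII digits only; the \d class would also accept other Unicode digits.
PAGE_ID_RE = re.compile(r"[0-9]{1,10}")


def get_param(url, name):
    """Return the first decoded value of a query parameter, or '' if absent."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(name)
    return values[0] if values else ""


def render_vulnerable(url):
    """Reflects both parameters verbatim, the behaviour the report describes."""
    return 200, TEMPLATE.format(title=get_param(url, "title"),
                                page_id=get_param(url, "pageId"))


def render_hardened(url):
    """Allow-list the numeric id, then HTML-escape everything that is echoed."""
    page_id = get_param(url, "pageId")
    if not PAGE_ID_RE.fullmatch(page_id):
        # Reject instead of repairing, and do not echo the bad value back.
        return 400, "<h1>Bad request</h1>"
    # quote=True also escapes " and ', so values are safe inside attributes.
    return 200, TEMPLATE.format(
        title=html.escape(get_param(url, "title"), quote=True),
        page_id=html.escape(page_id, quote=True))


if __name__ == "__main__":
    for render in (render_vulnerable, render_hardened):
        print(render.__name__, render(POC_URL))
```
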

Comment 1

I think this is a dupe
Component: Other → Website
Product: Websites → Mozilla Developer Network
QA Contact: other → website
(Reporter)

Comment 2

7 years ago
(In reply to comment #1)
> I think this is a dupe

Hi Wil Clouser,
Have you tested the PoC on your machine? I have tested and it worked on my Firefox 4.0.

Please let me know if you require any further information or enquiries.
(Reporter)

Comment 3

7 years ago
(In reply to comment #2)
> (In reply to comment #1)
> > I think this is a dupe
> 
> Hi Wil Clouser,
> Have you tested the PoC on your machine? I have tested and it worked on my
> Firefox 4.0.
> 
> Please let me know if you require any further information or enquiries.

Also, I have searched through the reported bugs and I couldn't find any duplicates.

Updated

7 years ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 622996
(Assignee)

Updated

5 years ago
Component: Website → Landing pages
Product: Mozilla Developer Network → Mozilla Developer Network
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security