Closed Bug 713567 Opened 13 years ago Closed 13 years ago

Cross site scripting on registration page

Categories

(Websites Graveyard :: drumbeat.org, defect)

defect
Not set
major

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: netfuzzerr, Assigned: boozeniges)

Details

(Keywords: wsec-xss, Whiteboard: [infrasec:xss][ws:moderate])

User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7

Steps to reproduce:

Hello,

There is a cross-site scripting vulnerability in Mozilla Drumbeat. The failure occurs when a user enters a "username": the Mozilla Drumbeat page shows a prediction without properly encoding it, allowing you to add HTML tags.

Reproduce:
1. Open https://www.drumbeat.org/en-US/register/.
2. In user name type <script>alert('XSSED')</script>.
3. See the alert.

Regards,
Mario


Actual results:

Not encoded properly, allowing you to add HTML tags.
Severity: normal → major
Thank you for reporting this issue to us. We'll investigate the issue and 
provide feedback within the bug. No additional action is needed from you 
at this time. If you have questions or additional information please add 
that info to the bug.

Thanks,
mgoodwin
Status: UNCONFIRMED → NEW
Ever confirmed: true
Issue:
There is a DOM XSS condition in https://www.drumbeat.org/en-US/register/ in the username field.

Steps to reproduce:
See comment #0

Remediation:
Correctly entity encode any user supplied input prior to addition to the DOM.
Assignee: nobody → ross
Whiteboard: [infrasec:xss][ws:moderate]
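
The remediation above (entity-encode user-supplied input before it is added to the DOM), as an added example that is not part of the bug report or the drumbeat.org code. The function names, the preview markup and the `/people/` path are assumptions made for illustration.

```javascript
// Added example; escapeHtml, previewUnsafe and previewSafe are hypothetical names,
// and the preview markup is an assumed stand-in for the page's username prediction.

const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Entity-encode every character that can change the HTML parsing context.
// "&" is in the map, so input that already looks encoded is encoded again, not trusted.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: user input concatenated into markup that is later
// assigned to innerHTML (or passed to a helper that parses HTML).
function previewUnsafe(username) {
  return '<span title="' + username + '">Your profile: /people/' + username + "</span>";
}

// Hardened pattern: encode at the point of output, for both the text node
// and the quoted attribute value.
function previewSafe(username) {
  const u = escapeHtml(username);
  return '<span title="' + u + '">Your profile: /people/' + u + "</span>";
}

// In a browser, skipping HTML parsing altogether is simpler still:
//   el.textContent = "Your profile: /people/" + username;

// Constructed inputs: the string from comment #0, a value with quotes, and an ampersand.
const samples = ["<script>alert('XSSED')</script>", 'say "hi"', "mario & co"];
for (const s of samples) {
  console.log("unsafe:", previewUnsafe(s));
  console.log("safe:  ", previewSafe(s));
}
```
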
Fixed on https://drumbeat.org/en-US/register/ (I believe)
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Thanks
Status: RESOLVED → VERIFIED
Just to know, this bug doesn't have a chance to participate in the security bounty program, right?
Can somebody remove the security flag?
Group: websites-security
Hi Mario,

All community reported bugs are nominated for review by the bug bounty team, and a decision is made on a case-by-case basis.  That team will make a determination regarding whether or not the bug qualifies and get back to you.

Thank you for reporting this bug!
Ok, thanks for the response.
Summary: Cross site scripting when cadastration page → Cross site scripting on registration page
Mario,

We reviewed this bug for bounty consideration. This site is not on the bounty list and this particular issue, while of course not desirable, does not place users at significant risk. This assessment is based more on the overall risk of the website (and also why we chose not to include this site within the bounty scope).

However, we do appreciate you reporting this bug and have addressed the issue.
Okay. I predicted this, an XSS very integration of the User. Thanks for the fast fix and response!
Why is this "Blocks 836522" in all my old reports?
(In reply to Mario Gomes from comment #12)
> Why is this "Blocks 836522" in all my old reports?

836522 is a metabug we are trying for the bounty program. The goal is to make it easier to find dupes within a component and help obtain a consistent payout amount for similar bugs in a component.
Adding keywords to bugs for metrics, no action required.  Sorry about bugmail spam.
Keywords: wsec-xss
Product: Websites → Websites Graveyard