Xss Vulnerability on Https://www.Wiki.Mozilla.org

RESOLVED DUPLICATE of bug 714540

Status

--
critical
RESOLVED DUPLICATE of bug 714540
7 years ago
4 years ago

People

(Reporter: belminv, Unassigned)

Tracking

Details

(Whiteboard: [infrasec:xss][ws:high])

(Reporter)

Description

7 years ago
Hello this is Belmin Vehabovic

I found a Non-persistent Vulnerability on Wiki.Mozilla.org

https://wiki.mozilla.org/Special:Search?search=<script>alert("Xss By Belmin Vehabovic");</script>&x=18&y=9
Thank you for reporting this issue to us. We'll investigate the issue and 
provide feedback within the bug. No additional action is needed from you 
at this time. If you have questions or additional information please add 
that info to the bug.

Thanks,
mgoodwin
Status: UNCONFIRMED → NEW
Ever confirmed: true
Issue:
Reflected XSS in wiki.mozilla.org via search.

Steps to reproduce:
Comment #0 has a perfect explanation

Remediation:
Ensure all untrusted data (in this case, user input) is correctly encoded in the resulting HTML.  See https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Preventing_XSS for more information.
Whiteboard: [infrasec:xss][ws:high]
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 714540
Group: websites-security
You need to log in before you can comment on or make changes to this bug.