Closed Bug 761114 Opened 13 years ago Closed 12 years ago

[wiki.mozilla.org] Semantic Forms cross site scripting

Categories

(Websites :: wiki.mozilla.org, defect, P2)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: insecurity.ro, Unassigned)

References

Details

(Keywords: wsec-xss, Whiteboard: [triaged 20120831][waiting][new release of semantic forms][site:wiki.mozilla.org])

Attachments

(1 file)

240.27 KB, image/png
Details
Attached image wiki.png
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
Build ID: 20120420145725

Steps to reproduce:

We have a cross site scripting on wiki mozilla. (Semantic Forms)

Actual results:

I use a simple user account. (on wiki mozilla)
Test on mozilla firefox new version.
We have a xss in https://wiki.mozilla.org/Special:CreateForm
Form name - our "field for xss".
Put our xss code in field "form name", Add template and press button add.
our xss code : ""><script>alert("3")</script>
Video PoC: http://youtu.be/c1QkVOUEjMQ
Status: UNCONFIRMED → NEW
Ever confirmed: true
Bugs in the wiki are not eligible for the bounty. Please see http://www.mozilla.org/security/bug-bounty-faq-webapp.html#eligible-bugs
Not sure who runs wikimo or communicates bugs to Mediawiki, guessing mrz will know.
Assignee: nobody → mrz
Assignee: mrz → bburton
(In reply to Reed Loden [:reed] from comment #5)
> Submitted upstream as https://bugzilla.wikimedia.org/show_bug.cgi?id=38150.

:reed, can you cc me on the upstream bug?
Summary: wiki.mozilla.org cross site scripting → [wiki.mozilla.org] Semantic Forms cross site scripting
Whiteboard: [pending new release of semantic forms]
I posted an update to https://bugzilla.wikimedia.org/show_bug.cgi?id=38150 about when the next release will do, last one was 03/27/2012
Whiteboard: [pending new release of semantic forms] → [triaged 20120831][waiting][new release of semantic forms]
Assignee: bburton → nobody
Priority: -- → P2
Whiteboard: [triaged 20120831][waiting][new release of semantic forms] → [triaged 20120831][waiting][new release of semantic forms][site:wiki.mozilla.org]
This appears to be fixed to me, likely by the last wiki software update.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Chris,

Can I please get access to https://bugzilla.wikimedia.org/show_bug.cgi?id=38150 so that I can verify if/when we've deployed the fix? (It might be that the upstream bug is also eligible to be made public.)
Flags: needinfo?(csteipp)
(In reply to Gordon P. Hemsley [:GPHemsley] from comment #11)
> Chris,
>
> Can I please get access to
> https://bugzilla.wikimedia.org/show_bug.cgi?id=38150 so that I can verify
> if/when we've deployed the fix? (It might be that the upstream bug is also
> eligible to be made public.)

Done. Do let me know if we can make it public-- we didn't want to do that if mozilla wasn't patched.
Flags: needinfo?(csteipp)
Looks like this was patched in Semantic Forms 2.5 and we're running 2.6.1; we should be good to release the embargo. Thanks, Chris!
Group: websites-security