Closed
Bug 761114
Opened 13 years ago
Closed 12 years ago
[wiki.mozilla.org] Semantic Forms cross site scripting
Categories
(Websites :: wiki.mozilla.org, defect, P2)
Websites
wiki.mozilla.org
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: insecurity.ro, Unassigned)
References
Details
(Keywords: wsec-xss, Whiteboard: [triaged 20120831][waiting][new release of semantic forms][site:wiki.mozilla.org])
Attachments
(1 file)
|
240.27 KB,
image/png
|
Details |
wiki.png
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
Build ID: 20120420145725
Steps to reproduce:
We have a cross site scripting on wiki mozilla.(Semantic Forms)
Actual results:
I use a simple user account. (on wiki mozilla)
Test on mozilla firefox new version.
We have a xss in https://wiki.mozilla.org/Special:CreateForm
Form name - our "field for xss".
Put our xss code in field "form name", Add template and press button add.
our xss code :
""><script>alert("3")</script>
Video PoC:
http://youtu.be/c1QkVOUEjMQ
|
||
Updated•13 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 3•13 years ago
|
||
bugs in the wiki are not eligible for the bounty. please see
http://www.mozilla.org/security/bug-bounty-faq-webapp.html#eligible-bugs
|
|
||
Comment 4•13 years ago
|
||
Not sure who runs wikimo or communicates bugs to Mediawiki, guessing mrz will know.
Assignee: nobody → mrz
|
||
Comment 5•13 years ago
|
||
Submitted upstream as https://bugzilla.wikimedia.org/show_bug.cgi?id=38150.
|
||
Updated•13 years ago
|
Assignee: mrz → bburton
|
||
Comment 6•13 years ago
|
||
(In reply to Reed Loden [:reed] from comment #5)
> Submitted upstream as https://bugzilla.wikimedia.org/show_bug.cgi?id=38150.
:reed, can you cc me on the upstream bug?
|
|
||
Updated•13 years ago
|
Summary: wiki.mozilla.org cross site scripting → [wiki.mozilla.org] Semantic Forms cross site scripting
Whiteboard: [pending new release of semantic forms]
|
|
||
Comment 7•13 years ago
|
||
I posted an update to https://bugzilla.wikimedia.org/show_bug.cgi?id=38150 about when the next release will do, last one was 03/27/2012
Whiteboard: [pending new release of semantic forms] → [triaged 20120831][waiting][new release of semantic forms]
|
|
||
Updated•13 years ago
|
Assignee: bburton → nobody
Priority: -- → P2
|
||
Updated•12 years ago
|
Whiteboard: [triaged 20120831][waiting][new release of semantic forms] → [triaged 20120831][waiting][new release of semantic forms][site:wiki.mozilla.org]
|
||
Comment 9•12 years ago
|
||
This appears to be fixed to me, likely by the last wiki software update.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
||
Comment 10•12 years ago
|
||
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
|
||
Comment 11•11 years ago
|
||
Chris,
Can I please get access to https://bugzilla.wikimedia.org/show_bug.cgi?id=38150 so that I can verify if/when we've deployed the fix? (It might be that the upstream bug is also eligible to be made public.)
Flags: needinfo?(csteipp)
|
||
Comment 12•11 years ago
|
||
(In reply to Gordon P. Hemsley [:GPHemsley] from comment #11)
> Chris,
>
> Can I please get access to
> https://bugzilla.wikimedia.org/show_bug.cgi?id=38150 so that I can verify
> if/when we've deployed the fix? (It might be that the upstream bug is also
> eligible to be made public.)
Done. Do let me know if we can make it public-- we didn't want to do that if mozilla wasn't patched.
Flags: needinfo?(csteipp)
|
|
||
Comment 13•11 years ago
|
||
Looks like this was patched in Semantic Forms 2.5 and we're running 2.6.1; we should be good to release the embargo. Thanks, Chris!
Group: websites-security
You need to log in
before you can comment on or make changes to this bug.
Description
•