Bug 761114: [wiki.mozilla.org] Semantic Forms cross site scripting
Status: RESOLVED FIXED (opened 10 years ago, closed 9 years ago)
Categories: Websites :: wiki.mozilla.org, defect, P2
Tracking: Not tracked
Reporter: insecurity.ro, Assignee: Unassigned
Keywords: wsec-xss
Whiteboard: [triaged 20120831][waiting][new release of semantic forms][site:wiki.mozilla.org]
Attachments: 1 file (240.27 KB, image/png)
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0
Build ID: 20120420145725

Steps to reproduce:
We have a cross site scripting on wiki mozilla (Semantic Forms).

Actual results:
I use a simple user account (on wiki mozilla). Tested on the new version of Mozilla Firefox.
We have an XSS in https://wiki.mozilla.org/Special:CreateForm
Form name - our "field for XSS". Put our XSS code in the field "form name", add a template and press the Add button.
Our XSS code: ""><script>alert("3")</script>
Video PoC: http://youtu.be/c1QkVOUEjMQ

It also works in http://www.semantic-mediawiki.org/wiki/Special:CreateForm
http://i1256.photobucket.com/albums/ii488/testfortest/123/ww.png?t=1338819700
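
The report above describes a form name being echoed back into the page without escaping. The following is an added illustration, not Semantic Forms source code and not part of the original report: it contrasts that shape with output encoding and checks the result with an HTML parser. The function names and the `<input>` markup are hypothetical, and it assumes PHP with the DOM extension and that the value lands in an attribute.

```php
<?php
// Added illustration, not Semantic Forms code. Function names and the
// <input> markup are hypothetical; assumes the value lands in an attribute.

// Vulnerable shape: the submitted form name is concatenated into markup as-is.
function renderFormNameUnsafe(string $formName): string {
    return '<input type="text" name="form_name" value="' . $formName . '">';
}

// Hardened shape: encode for the HTML attribute context at output time.
function renderFormNameSafe(string $formName): string {
    $encoded = htmlspecialchars($formName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="form_name" value="' . $encoded . '">';
}

// Parse the rendered markup and report what an HTML parser builds from it:
// how many <script> elements exist and what the input's value really is.
function inspectMarkup(string $fragment): array {
    $previous = libxml_use_internal_errors(true); // malformed markup is expected
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $fragment . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'script_elements' => $doc->getElementsByTagName('script')->length,
        'input_value'     => $input instanceof DOMElement ? $input->getAttribute('value') : null,
    ];
}

// Test string quoted in the bug report, plus a benign name for comparison.
$samples = ['""><script>alert("3")</script>', 'Project status form'];

foreach ($samples as $name) {
    foreach (['renderFormNameUnsafe', 'renderFormNameSafe'] as $render) {
        $result = inspectMarkup($render($name));
        // A safe renderer yields zero script elements and round-trips the name.
        $ok = $result['script_elements'] === 0 && $result['input_value'] === $name;
        printf("%-22s %-40s %s\n", $render, json_encode($name), $ok ? 'contained' : 'BROKE OUT');
    }
}
```

The same round-trip check can be kept as a regression test for any field that is reflected into a form page.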
Updated•10 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 3•10 years ago
Bugs in the wiki are not eligible for the bounty. Please see http://www.mozilla.org/security/bug-bounty-faq-webapp.html#eligible-bugs
Comment 4•10 years ago
Not sure who runs wikimo or communicates bugs to Mediawiki, guessing mrz will know.
Assignee: nobody → mrz
Comment 5•10 years ago
Submitted upstream as https://bugzilla.wikimedia.org/show_bug.cgi?id=38150.
Updated•10 years ago
Assignee: mrz → bburton
Comment 6•10 years ago
(In reply to Reed Loden [:reed] from comment #5)
> Submitted upstream as https://bugzilla.wikimedia.org/show_bug.cgi?id=38150.

:reed, can you cc me on the upstream bug?
Updated•10 years ago
Summary: wiki.mozilla.org cross site scripting → [wiki.mozilla.org] Semantic Forms cross site scripting
Whiteboard: [pending new release of semantic forms]
Comment 7•10 years ago
I posted an update to https://bugzilla.wikimedia.org/show_bug.cgi?id=38150 about when the next release will do, last one was 03/27/2012
Whiteboard: [pending new release of semantic forms] → [triaged 20120831][waiting][new release of semantic forms]
Updated•10 years ago
Assignee: bburton → nobody
Priority: -- → P2
Updated•10 years ago
Whiteboard: [triaged 20120831][waiting][new release of semantic forms] → [triaged 20120831][waiting][new release of semantic forms][site:wiki.mozilla.org]
Duplicate of this bug: 849691
Comment 9•9 years ago
This appears to be fixed to me, likely by the last wiki software update.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Comment 10•9 years ago
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Comment 11•8 years ago
Chris,

Can I please get access to https://bugzilla.wikimedia.org/show_bug.cgi?id=38150 so that I can verify if/when we've deployed the fix? (It might be that the upstream bug is also eligible to be made public.)
Flags: needinfo?(csteipp)
Comment 12•8 years ago
(In reply to Gordon P. Hemsley [:GPHemsley] from comment #11)
> Chris,
>
> Can I please get access to
> https://bugzilla.wikimedia.org/show_bug.cgi?id=38150 so that I can verify
> if/when we've deployed the fix? (It might be that the upstream bug is also
> eligible to be made public.)

Done. Do let me know if we can make it public-- we didn't want to do that if Mozilla wasn't patched.
Flags: needinfo?(csteipp)
Comment 13•8 years ago
Looks like this was patched in Semantic Forms 2.5 and we're running 2.6.1; we should be good to release the embargo. Thanks, Chris!
Group: websites-security