Closed
Bug 780049
Opened 13 years ago
Closed 7 years ago
Kuma: RSS - Attempted XSS can cause funky output in RSS feed
Categories
(developer.mozilla.org :: Security, defect, P3)
developer.mozilla.org
Security
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: sheppy, Unassigned)
Details
(Keywords: in-triage, wsec-xss)
Attempts at XSS (such as a title of "User:x002'>"><img src=x onerror=alert(1)>") can cause completely borked output in the RSS feed of changes.
Comment 1•13 years ago
|
||
Could be HTML in general.
Updated•12 years ago
|
Priority: -- → P2
Assignee | ||
Updated•12 years ago
|
Version: Kuma → unspecified
Assignee | ||
Updated•12 years ago
|
Component: Website → Landing pages
Updated•12 years ago
|
Component: Landing pages → Design / user experience
Comment 2•12 years ago
|
||
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Updated•11 years ago
|
Component: Design / user experience → General
Comment 3•7 years ago
|
||
Is this still happening, sheppy?
Component: General → Security
Flags: needinfo?(eshepherd)
Priority: P2 → P3
Comment 4•7 years ago
|
||
Wontfix until someone comes up with a reasonable example.
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(eshepherd)
Keywords: in-triage
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•