XSS on donate.mozilla.org (event/rsvp_email_preview)

RESOLVED FIXED

Status

RESOLVED FIXED
6 years ago
4 years ago

People

(Reporter: luca.defulgentis, Unassigned)

Tracking

({wsec-xss})

unspecified
wsec-xss
Bug Flags:
sec-bounty +

Details

(Reporter)

Description

6 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
Build ID: 20120905151427

Steps to reproduce:

Hello,

 I found a reflected XSS on donate.mozilla.org:

https://donate.mozilla.org/page/event/rsvp_email_preview?type=html&data=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E

Thanks,
Luca
Hi Luca, thanks for reporting. I am confirming this as it works as expected for me. We'll get a developer looking at it shortly.

Thanks,
Matt
Status: UNCONFIRMED → NEW
Ever confirmed: true
I'm cc'ing Seth on this since this is a BSD form. Seth, can you have your team look at this, it's about as classic as an XSS can get; it treats any input as trusted text directly on the page.

Thanks,
Matt

Comment 3

6 years ago
We will take a look.

Comment 5

6 years ago
Seth, any progress figuring this out, and comments on security rating?

Comment 6

6 years ago
seth, ping...

Comment 7

6 years ago
We have pushed a patch to address this.
This bug appears to be resolved.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Updated

6 years ago
Blocks: 835445
Group: websites-security
Summary: XSS on donate.mozilla.org → XSS on donate.mozilla.org (event/rspv_email_preview)
Summary: XSS on donate.mozilla.org (event/rspv_email_preview) → XSS on donate.mozilla.org (event/rsvp_email_preview)
Flags: sec-bounty+
You need to log in before you can comment on or make changes to this bug.