Closed
Bug 843574
Opened 11 years ago
Closed 11 years ago
XSS / developer.m.o / editor
Categories
(developer.mozilla.org Graveyard :: Editing, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 821986
People
(Reporter: curtisk, Unassigned)
Details
(Whiteboard: [site:developer.mozilla.org])
Attachments
(1 file)
593.95 KB,
image/png
From: fabiancuchietti@hotmail.com
To: security@mozilla.org
Subject: developer.mozilla.org - Cross-site Scripting
Date: Thu, 21 Feb 2013 00:58:30 -0300
-----//-----
Hello Mozilla Security,

I have found a Cross-site Scripting vulnerability in developer.mozilla.org (added screenshot)

Details:
Target: developer.mozilla.org
Vulnerability: Cross-site Scripting
Method: POST
How Exploit: The editor "html tags not filter properly".
Insert the following payload: "><audio src=. onerror=alert(String.fromCharCode(47,88,83,83,101,100,47))>

Best regards,
Fabián Cuchietti.
Reporter
Comment 1•11 years ago
Reporter
Comment 2•11 years ago
Assigning to Simon for verification
Assignee: nobody → sbennetts
Whiteboard: [stie:developer.mozilla.org] → [stie:developer.mozilla.org][verif?]
Updated•11 years ago
Whiteboard: [stie:developer.mozilla.org][verif?] → [site:developer.mozilla.org][verif?]
Comment 3•11 years ago
Hi Fabián,

Thank you for reporting this issue, I can confirm that it is a vulnerability.
However it has already been reported to us.

Many thanks,
Simon
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Whiteboard: [site:developer.mozilla.org][verif?] → [site:developer.mozilla.org]
Updated•11 years ago
Assignee: sbennetts → administration
Comment 4•8 years ago
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security
Updated•4 years ago
Product: developer.mozilla.org → developer.mozilla.org Graveyard