XSS / developer.m.o / editor

RESOLVED DUPLICATE of bug 821986

People

(Reporter: curtisk, Unassigned)

Tracking

(Blocks: 1 bug)

Details

(Whiteboard: [site:developer.mozilla.org])

Attachments

(1 attachment)

From: fabiancuchietti@hotmail.com
To: security@mozilla.org
Subject: developer.mozilla.org - Cross-site Scripting
Date: Thu, 21 Feb 2013 00:58:30 -0300
-----//-----
Hello Mozilla Security,

I have found a Cross-site Scripting vulnerability in developer.mozilla.org (added screenshot).

Details:

Target: developer.mozilla.org
Vulnerability: Cross-site Scripting
Method: POST
How Exploit: The editor "html tags not filter properly".
Insert the following payload: "><audio src=. onerror=alert(String.fromCharCode(47,88,83,83,101,100,47))>


Best regards,
Fabián Cuchietti.

Assigning to Simon for verification.
Assignee: nobody → sbennetts
Whiteboard: [stie:developer.mozilla.org] → [stie:developer.mozilla.org][verif?]
Whiteboard: [stie:developer.mozilla.org][verif?] → [site:developer.mozilla.org][verif?]

Hi Fabián,

Thank you for reporting this issue. I can confirm that it is a vulnerability.
However, it has already been reported to us.

Many thanks,

Simon

Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Whiteboard: [site:developer.mozilla.org][verif?] → [site:developer.mozilla.org]
Duplicate of bug: 821986
Assignee: sbennetts → administration

Updated

6 years ago
Blocks: 835457

For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security