From: email@example.com
To: firstname.lastname@example.org
Subject: developer.mozilla.org - Cross-site Scripting
Date: Thu, 21 Feb 2013 00:58:30 -0300
-----//-----
Hello Mozilla Security,

I have found a Cross-site Scripting vulnerability in developer.mozilla.org (added screenshot).

Details:
Target: developer.mozilla.org
Vulnerability: Cross-site Scripting
Method: POST
How Exploit: The editor "html tags not filter properly". Insert the following payload:
"><audio src=. onerror=alert(String.fromCharCode(47,88,83,83,101,100,47))>

Best regards,
Fabián Cuchietti.
Assigning to Simon for verification
Assignee: nobody → sbennetts
Whiteboard: [stie:developer.mozilla.org] → [stie:developer.mozilla.org][verif?]
Whiteboard: [stie:developer.mozilla.org][verif?] → [site:developer.mozilla.org][verif?]
Hi Fabián,
Thank you for reporting this issue. I can confirm that it is a vulnerability. However, it has already been reported to us.
Many thanks,
Simon
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Whiteboard: [site:developer.mozilla.org][verif?] → [site:developer.mozilla.org]
Duplicate of bug: 821986
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.