Closed
Bug 847992
Opened 12 years ago
Closed 11 years ago
XSS in FCKeditor on wiki.mozilla.org
Categories
(Websites :: wiki.mozilla.org, defect)
Websites
wiki.mozilla.org
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: abillings, Assigned: pauljt)
Details
(Keywords: reporter-external, sec-moderate, wsec-xss, Whiteboard: [site:wiki.mozilla.org])
Deepankar Arora and Nipun Jaswal (codeinjector007@gmail.com) sent the following report of a XSS in the FCKeditor on wiki.mozilla.org: Hi Sir/Madam, We have recently discovered a POST XSS vulnerability in one of your sub-domain (https://wiki.mozilla.org) . Vulnerable Link: https://wiki.mozilla.org/extensions/FCKeditor/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php POC: http://lab.pentest.co.in/mozilla/xss-poc.html Exploit Code: http://lab.pentest.co.in/mozilla/xss-poc.txt Bugzilla IDs: nipunjaswal@rocketmail.com codeinjector007@gmail.com Waiting for a reply soon. Regards, Deepankar Arora Nipun Jaswal
Reporter | ||
Updated•12 years ago
|
Flags: sec-bounty?
![]() |
||
Updated•12 years ago
|
Assignee: nobody → ptheriault
OS: Mac OS X → All
Hardware: x86 → All
Whiteboard: [verif?]
Assignee | ||
Comment 1•12 years ago
|
||
POC demonstrates XSS as described, in the "textinputs[]" parameter. The parameter gets injected straight into JavaScript, without escaping necessary characters: var textinputs = new Array(); var error; textinputs[0] = decodeURIComponent(" <- injection from here on. I had a quick skim and I can't see an existing bug for this - not sure if this code is actually used or not, it seems to not work for me.
Reporter | ||
Comment 2•12 years ago
|
||
Well, we need to either: 1) Update the editor to a non-vulnerable version. 2) Fix it in place. 3) Remove the editor.
Comment 3•12 years ago
|
||
The bug is still not fixed.
Reporter | ||
Comment 4•12 years ago
|
||
Yes, that is why the status of the bug is "new" instead of "resolved" with a resolution of "fixed."
Updated•11 years ago
|
Whiteboard: [verif?] → [verif?][site:wiki.mozilla.org]
Comment 5•11 years ago
|
||
This appears to be fixed. The FCKeditor doesn't seem to be present anymore, likely removed during the recent wikimo upgrades.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Comment 6•11 years ago
|
||
Does not qualify for a bounty, wiki.mozilla.org is not a covered site (3rd party software, developer-oriented site).
Flags: sec-bounty? → sec-bounty-
Keywords: sec-moderate,
wsec-xss
![]() |
||
Updated•11 years ago
|
Whiteboard: [verif?][site:wiki.mozilla.org] → [site:wiki.mozilla.org]
Updated•10 years ago
|
Group: websites-security
Updated•1 month ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•