Closed
Bug 866039
Opened 11 years ago
Closed 11 years ago
XSS IN thimble.webmaker.org (Mozilla Thimble)
Categories
(Webmaker Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 765340
People
(Reporter: rishal.dwivedi, Unassigned)
Details
(Whiteboard: [site:thimble.webmaker.org])
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:18.0) Gecko/20100101 Firefox/18.0
Build ID: 20130116073211

Steps to reproduce:

An XSS (cross-site scripting) vulnerability exists in https://thimble.webmaker.org/. Below I have provided the detailed report of the vulnerability. Please look and deploy a fix soon. Waiting for your prompt response.

Actual results:

POC:
- Open https://thimble.webmaker.org/en-US/editor
- Then, on the left side of the webpage, edit the default code by replacing "Make something amazing with the web" with the XSS script given below.

  XSS script:
  "><img src='1.jpg'onerror=alert("XSS")>

- After you have entered the XSS script, move to the left side of the webpage and then BOOM, a popup box will be shown when you click on the right side, telling XSS.
- Hence proved, XSS vulnerability exists!

Expected results:

secure ! :)
Reporter
Updated • 11 years ago
Severity: normal → critical

Updated • 11 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Flags: sec-bounty-
Resolution: --- → DUPLICATE
Whiteboard: [site:thimble.webmaker.org]

Updated • 11 years ago
Group: core-security