XSS at people.mozilla.org

RESOLVED FIXED

Status

Websites
other.mozilla.org
RESOLVED FIXED
5 years ago
2 years ago

People

(Reporter: Dhaval Chauhan, Unassigned)

Tracking

({wsec-xss})

Details

(Whiteboard: [reporter-external][site:people.mozilla.org])

(Reporter)

Description

5 years ago
Hi,
There is a XSS at people.mozilla.org

Steps to reproduce :
1. Click on this link : http://people.mozilla.org/~mwargers/tests/unminimized/white-house-waits-tensely-for-decision-on-health-law_bestanden/12-0550_DigitalSub_336x280.swf?clicktag=javascript:alert%287155%29
2. Click on the button "Click Here"

Viola, XSS is triggered
(Reporter)

Comment 1

5 years ago
This bug runs in Mozilla Firefox
Adding keywords to bugs for metrics, no action required.  Sorry about bugmail spam.
Keywords: wsec-xss
Assignee: mitchell → nobody
Group: mozilla-corporation-confidential → websites-security
Component: Miscellaneous → other.mozilla.org
Product: mozilla.org → Websites
This bug is still active and confirmed
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [reporter-external]
Whiteboard: [reporter-external] → [reporter-external][site:people.mozilla.org]
Renamed file on server, new extention .XSS.DONOTUSE so it won't match an executable mime type
Group: websites-security
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.