Closed Bug 903024 Opened 12 years ago Closed 12 years ago

Found Cross Site Scripting in webmaker.org/

Categories

(Webmaker Graveyard :: Thimble, defect)

Product:
Webmaker Graveyard
Component:
Thimble
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 765340

People

(Reporter: anandtiwarics, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [site:thimble.webmaker.org][reporter-external])

Attachments

(1 file)

thimble.PNG
40.84 KB, image/png
Details
Attached image thimble.PNG
User Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36 Steps to reproduce: found self cross site scripting in thimble.webmaker.org. there is thimble editor in webmaker. i.e https://thimble.webmaker.org/project/7438/edit when you put java script in editor then java scrip was injected and perform self XSS. Actual results: may attacker send to user and manipulate user to edit and put attacker malicious java script in user webmaker editor.
Group: websites-security
Component: Other → Thimble
Product: Websites → Webmaker
Group: websites-security
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Flags: sec-bounty-
Resolution: --- → DUPLICATE
Whiteboard: [site:thimble.webmaker.org][reporter-external]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: