Closed
Bug 936821
Opened 11 years ago
Closed 11 years ago
XSS in popcorn.webmaker.org
Categories
(Webmaker Graveyard :: webmaker.org, defect)
Webmaker Graveyard
webmaker.org
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 866026
People
(Reporter: chawla, Unassigned)
Details
(Whiteboard: [site:popcorn.webmaker.org][reporter-external])
Attachments
(1 file)
170.33 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36 Steps to reproduce: i created a project and added events in it.when we add xss vector in text , popup ,wikipedia etc. , XSS executes after adding these vectors. Vectors used by me are: <img src=x onerror=prompt(1)> <iframe src='javascript:prompt(/XSS/);'> Here is the video link for POC: https://www.dropbox.com/s/al57sz4pofv0whc/webmaker.org.avi Actual results: payload i entered executes on creating project>>events Expected results: Actually it shouldn't exceute,it have to show just output project part.
Updated•11 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Updated•11 years ago
|
Flags: sec-bounty-
Whiteboard: [site:popcorn.webmaker.org][reporter-external]
Updated•10 years ago
|
Group: websites-security
You need to log in
before you can comment on or make changes to this bug.
Description
•