Bug 993637: xss in https://popcorn.webmaker.org
Status: RESOLVED DUPLICATE of bug 866026
Opened 11 years ago; closed 11 years ago
Categories: Mozilla Foundation Communications :: Website, task
Tracking: Not tracked
People: Reporter: thesiddharthsolanki; Assignee: Unassigned
Keywords: reporter-external
Attachments: 1 file (119.32 KB, image/jpeg)
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0 (Beta/Release)
Build ID: 20140314220517
Steps to reproduce:
Open https://popcorn.webmaker.org/en-US/editor/89839/edit
and simply click on the events and double click on the text (to add the text) and then simply double click on the text and add the payload <img src="x" onerror="alert(1)"> and then simply hit okay! And boom, it executes the JS.
Actual results:
It executes the JS.
Expected results:
It should not execute the JS.
Updated•11 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Updated•11 years ago
Group: core-security
Flags: sec-bounty-
Updated•1 year ago
Keywords: reporter-external
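
The expected result in the report (typed text is displayed, not executed), as an added JavaScript example. It is not Popcorn Maker code and not part of the original report; the function names and the `text-event` class are hypothetical, and the sample input is the text quoted in the steps to reproduce.

```javascript
// Added illustration; all names here are hypothetical, not Popcorn Maker code.

// Constructed sample: the text entered into the text event in the report.
const reportedText = '<img src="x" onerror="alert(1)">';

// Vulnerable pattern: user text is concatenated into markup that is later
// assigned to innerHTML, so the browser parses it as elements and attributes
// and runs the onerror handler when the image fails to load.
function renderTextEventUnsafe(text) {
  return '<div class="text-event">' + text + '</div>';
}

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode every character that can open a tag, an attribute value or an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: encode the user text first, then add only the markup the
// editor itself needs (line breaks), so nothing the user typed becomes a tag.
function renderTextEventSafe(text) {
  const body = escapeHtml(text).replace(/\r?\n/g, '<br>');
  return '<div class="text-event">' + body + '</div>';
}

// In a browser, assigning el.textContent = text avoids string building
// entirely and gives the same guarantee for plain text.
console.log(renderTextEventUnsafe(reportedText));
console.log(renderTextEventSafe(reportedText));
```
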