https://bugzilla.wikimedia.org/show_bug.cgi?id=38848

       Web browser: ---
             Bug #: 38848
           Summary: CSS:position security risk
           Product: MediaWiki
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: major
          Priority: Unprioritized
         Component: General/Unknown
        AssignedTo: [email protected]
        ReportedBy: [email protected]
    Classification: Unclassified
   Mobile Platform: ---


The fact that you can use the "position" parameter
(http://de.selfhtml.org/css/eigenschaften/positionierung.htm#position) in
Wikipedia is a security risk, because you can use it on your user page to
overlay buttons with blank images, or links, or make the whole page unusable.

Steps to reproduce
Use the following code on a user page:

<div style="position:absolute; top:-118px; left:-170px;     z-index:2;">
[[File:Inverted Wikipedia logo.png|115px|link=|alt=|verweis=Wikipedia:Hauptseite]]
</div>
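
Added example, not part of the original report and not MediaWiki's own code: a check that a wikitext sanitizer could run on a style attribute to catch the overlay described above. The function names and the policy of allowing only position:static are assumptions made for illustration.

```javascript
// Added example, not MediaWiki code. Assumed policy: user wikitext may only
// use position:static, so content cannot be lifted out of its container.
const ALLOWED_POSITION = new Set(["static"]);

// Remove CSS comments and decode backslash escapes so the check sees the
// property name the browser will see. Comments are replaced with nothing,
// which errs toward rejecting.
function normalizeCss(style) {
  return style
    .replace(/\/\*[\s\S]*?(\*\/|$)/g, "") // comments, including unterminated
    .replace(/\\([0-9a-f]{1,6})[ \t\r\n\f]?|\\([^\r\n\f])/gi, (m, hex, ch) => {
      if (ch !== undefined) return ch; // simple escape: backslash + character
      const cp = parseInt(hex, 16);
      return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : "\ufffd";
    })
    .toLowerCase();
}

// Returns the position declarations that violate the policy (empty = allowed).
// Splitting on every ';' can only over-report (for example a ';' inside a
// quoted string), never hide a real declaration.
function findPositionViolations(style) {
  const violations = [];
  for (const decl of normalizeCss(style).split(";")) {
    const colon = decl.indexOf(":");
    if (colon < 0) continue;
    const prop = decl.slice(0, colon).trim();
    const value = decl.slice(colon + 1).trim().split(/[\s!]+/)[0];
    if (prop === "position" && !ALLOWED_POSITION.has(value)) {
      violations.push(`${prop}:${value}`);
    }
  }
  return violations;
}

// Reject the whole attribute rather than re-serialising a partial one.
function sanitizeStyleAttribute(style) {
  return findPositionViolations(style).length === 0 ? style : "";
}

// Sample input: the style value from the report above.
const reported = "position:absolute; top:-118px; left:-170px;     z-index:2;";
console.log(findPositionViolations(reported));
```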
