https://bugzilla.wikimedia.org/show_bug.cgi?id=46085

       Web browser: ---
            Bug ID: 46085
           Summary: Cross-site scripting at page editing
           Product: MediaWiki
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: Unprioritized
         Component: Page editing
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected]
    Classification: Unclassified
   Mobile Platform: ---

Hello, I'm here to report a security flaw in MediaWiki. This flaw (XSS) is a
serious threat to users.

How to reproduce the bug?

I want to edit a section of a MediaWiki page, so I click the Edit link. I'll be
redirected to a page like
http://es.wikipedia.org/w/index.php?title=Jedi&action=edit&section=28

Now, as the 'section' parameter is vulnerable to XSS, I will add HTML code, for
example
http://es.wikipedia.org/w/index.php?title=Jedi&action=edit&section=28<h1>hello</h1>
and it is shown in the response.


Hope this bug will be solved to grant users' security.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
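
The handling a reflected `section` value needs, shown as an added example that is not part of the report and is not MediaWiki's code: validate the parameter against a strict allow-list, then HTML-escape it at output anyway. The function names, the allowed forms of `section` (a non-negative integer or `new`) and the page markup are assumptions made for illustration.

```php
<?php
// Added example, not MediaWiki code. All function names are hypothetical.

// Assumption: a section identifier is a non-negative integer or the literal "new".
function parseSectionParam(?string $raw): ?string {
    if ($raw === null) {
        return null;
    }
    // \A and \z anchor the whole string; "$" alone would accept a trailing newline.
    if ($raw === 'new' || preg_match('/\A(0|[1-9][0-9]{0,5})\z/', $raw) === 1) {
        return $raw;
    }
    return null; // anything else is treated as "no section requested"
}

// Escape for HTML text and quoted-attribute contexts.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderEditHeader(string $title, ?string $rawSection): string {
    $section = parseSectionParam($rawSection);
    $html = '<h1>Editing ' . esc($title);
    if ($section !== null) {
        // Escaped even though validated, so output safety does not
        // depend on the validator staying strict in future changes.
        $html .= ' (section ' . esc($section) . ')';
    }
    $html .= '</h1>';
    $html .= '<input type="hidden" name="section" value="' . esc($section ?? '') . '">';
    return $html;
}

// Constructed inputs modelled on the URLs in the report above.
$samples = ['28', 'new', '28<h1>hello</h1>', "28\n", null];
foreach ($samples as $raw) {
    echo var_export($raw, true), ' => ', renderEditHeader('Jedi', $raw), "\n";
}
```

Only the first two samples produce a section label; the value carrying markup is discarded by the validator and never reaches the response.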
