https://bugzilla.wikimedia.org/show_bug.cgi?id=25340

david.pa...@commercebank.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

--- Comment #6 from david.pa...@commercebank.com 2010-11-01 15:00:04 UTC ---
We've found the same vulnerability in the 'default' input field on the ask
screen. To Replicate:

Go to:
http://semantic-mediawiki.org/wiki/Special:Ask

and enter:

'><script>alert("CSS Vulnerability");</script>

in the mainlabel, intro, outro, or default input fields. They all allow the
script to execute when the results are returned.

Dave
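
Added example (not part of the report above and not Semantic MediaWiki code): a constructed PHP form renderer showing why a value beginning with '> must be encoded with ENT_QUOTES before it is written into an attribute. The single-quoted attribute, the render* functions and the audit() check are assumptions made for illustration; the four field names and the test string are the ones the report gives.

```php
<?php
// Constructed example. Assumption: the request value is written into a
// single-quoted HTML attribute, which is what a leading '> would close.

// Test string quoted in the report.
$payload = '\'><script>alert("CSS Vulnerability");</script>';

const TEMPLATE_QUOTES = 6; // apostrophes contributed by the markup itself

// $name is a fixed literal in this example; only the value is untrusted.
function render(string $name, string $encodedValue): string {
    return "<input type='text' name='" . $name . "' value='" . $encodedValue . "' />";
}

// 1. No encoding: the request value reaches the page as markup.
function renderRaw(string $name, string $value): string {
    return render($name, $value);
}

// 2. ENT_COMPAT (the htmlspecialchars() default before PHP 8.1) encodes
//    < > & " but leaves ' alone, so the value can still end the attribute.
function renderCompat(string $name, string $value): string {
    return render($name, htmlspecialchars($value, ENT_COMPAT, 'UTF-8'));
}

// 3. ENT_QUOTES encodes both quote characters; the value stays attribute data.
function renderQuotes(string $name, string $value): string {
    return render($name, htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Regression check over the rendered markup: did a script tag survive, and
// did the value add an unencoded apostrophe beyond those in the template?
function audit(string $html): array {
    return [
        'script_tag'         => stripos($html, '<script') !== false,
        'attribute_breakout' => substr_count($html, "'") > TEMPLATE_QUOTES,
    ];
}

foreach (['mainlabel', 'intro', 'outro', 'default'] as $field) {
    foreach (['renderRaw', 'renderCompat', 'renderQuotes'] as $renderer) {
        $result = audit($renderer($field, $payload));
        printf("%-9s %-12s script_tag=%s attribute_breakout=%s\n",
            $field, $renderer,
            var_export($result['script_tag'], true),
            var_export($result['attribute_breakout'], true));
    }
}
```

Only the ENT_QUOTES renderer clears both checks for every field; the ENT_COMPAT renderer removes the script tag but still lets the value close the attribute.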
