- Create a form and add <script> tag in the "Template label (optional):" field
- Visit Special:FormEdit/<templatename>/<anypage>
- Script executes
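As an added illustration, not code from Semantic Forms or from the Gerrit change referenced below (whose contents are not on this page): a constructed Python model of the rendering step. It places the stored template label into HTML first by plain concatenation (the pattern that lets a stored `<script>` tag execute on Special:FormEdit) and then with output-time HTML escaping, and includes the check a regression test would run over the rendered output. The `<legend>` wrapper, the `title` attribute and the sample label are assumptions chosen for the example.

```python
import html
import re

# Constructed sample: a template label as a user might have stored it in
# the "Template label (optional):" field. The real extension's storage and
# rendering differ; only the output-encoding point is modelled here.
STORED_LABEL = '<script>/* injected */</script>'

# Detection check for a test suite: does an unescaped <script> open tag
# survive into the rendered HTML?
SCRIPT_OPEN = re.compile(r'<\s*script\b', re.IGNORECASE)


def render_label_unsafe(label: str) -> str:
    """Vulnerable pattern: the stored label is concatenated into HTML verbatim,
    so any markup it contains is parsed by the browser."""
    return '<legend title="' + label + '">' + label + '</legend>'


def render_label_safe(label: str) -> str:
    """Hardened pattern: escape the label at output time. html.escape with
    quote=True encodes &, <, >, " and ', which covers both the element
    content and the attribute value context used here."""
    escaped = html.escape(label, quote=True)
    return '<legend title="' + escaped + '">' + escaped + '</legend>'


def contains_live_script_tag(rendered_html: str) -> bool:
    """True if an unescaped <script ...> tag is present in the output."""
    return SCRIPT_OPEN.search(rendered_html) is not None


if __name__ == '__main__':
    for name, render in (('unsafe', render_label_unsafe), ('safe', render_label_safe)):
        out = render(STORED_LABEL)
        print(f'{name}: {out}')
        print(f'  live <script> tag present: {contains_live_script_tag(out)}')
```

The check is deliberately narrow: it only proves that this one payload shape is neutralised. The property worth asserting in a real test is that every stored field passes through the escaping routine on its way into the page, regardless of what the field contains.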
Description
Status | Subtype | Assigned | Task
---|---|---|---
Restricted Task | | |
Resolved | | Yaron_Koren | T103765 Ex:SemanticForms - Stored XSS in template label on Special:FormEdit
Event Timeline
For some reason I only saw this now. Thanks for the patch! I just checked in this change.
That was https://gerrit.wikimedia.org/r/#/c/222030
@Yaron_Koren, for future patches on security bugs, it would be great if you could comment here if you think the patch looks good, or needs an improvement. Then we can deploy (secretly) to our cluster before making the patch public in gerrit.
Deployed https://gerrit.wikimedia.org/r/#/c/222030 as a security patch for wikitech. @mmodell, since the patch is in master, it will be included with wmf13. But wmf11 and 12 are patched.