URL parameters like https://reasonator.toolforge.org/?find=%27%3C/input%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E can be used to execute arbitrary JS.
Reporting on Phabricator per similar previous reports like T305764.
Description
Description
Details
Details
- Risk Rating
- Medium
- Author Affiliation
- Wikimedia Communities
Related Objects
Related Objects
- Mentioned Here
- T305764: PetScan XSS vulnerability
Event Timeline
Comment Actions
This may have to be reported at https://bitbucket.org/magnusmanske/reasonator/issues/ instead, I'm afraid...