Page MenuHomePhabricator
Create Task
Maniphest T57991

XSS in https://ha.m.wikipedia.org/
Closed, ResolvedPublic
Actions

Description

Author: tomasz.chlebowski

Description:
see: https://ha.m.wikipedia.org/w/index.php?title=Special:ZeroRatedMobileAccess&from=File:Wikiversity-logo.svg&to=javascript:alert%28document.cookie%29

Version: unspecified
Severity: normal

Details

Reference
bz55991

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 2:23 AM
bzimport added a project: ZeroPortal.
bzimport set Reference to bz55991.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Oct 22 2013, 10:28 AM
csteipp added a comment.Oct 22 2013, 11:46 PM

I reviewed a patch with Adam today, so we should get the cluster patched for this soon.

dr0ptp4kt added a comment.Oct 22 2013, 11:49 PM

Created attachment 13546
Git patch

Attached:

0001-Apply-output-escaping-conditionally.patch1 KBDownload

csteipp added a comment.Nov 14 2013, 7:33 PM

This issue was assigned CVE-2013-4573

csteipp added a comment.Nov 14 2013, 9:50 PM

Patched in gerrit Ie301c3c27c55dfb0f4d3c653785ad0a35a532a95

csteipp added a project: acl*security.Mar 26 2015, 8:39 PM
Yurik removed a project: ZeroPortal.Mar 26 2015, 9:58 PM
Yurik set Security to None.
Yurik added projects: ZeroBanner, Zero.
csteipp added a project: Vuln-XSS.Aug 20 2015, 10:02 PM
chasemp added a project: Security.Feb 10 2020, 10:53 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:14 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL