Last modified: 2013-11-15 02:50:25 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T57991, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 55991 - XSS in https://ha.m.wikipedia.org/


Summary:	XSS in https://ha.m.wikipedia.org/

Status:	RESOLVED FIXED

Product:	MediaWiki extensions
Classification:	Unclassified
Component:	ZeroPortal (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	Unprioritized normal (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2013-10-22 10:28 UTC by Tomasz Chlebowski
Modified:	2013-11-15 02:50 UTC (History)
CC List:	5 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Git patch (1.07 KB, patch) 2013-10-22 23:49 UTC, dr0ptp4kt	Details
Add an attachment (proposed patch, testcase, etc.)

Description Tomasz Chlebowski 2013-10-22 10:28:42 UTC

see: https://ha.m.wikipedia.org/w/index.php?title=Special:ZeroRatedMobileAccess&from=File:Wikiversity-logo.svg&to=javascript:alert%28document.cookie%29

Comment 1 Chris Steipp 2013-10-22 23:46:39 UTC

I reviewed a patch with Adam today, so we should get the cluster patched for this soon.

Comment 2 dr0ptp4kt 2013-10-22 23:49:49 UTC

Created attachment 13546 [details]
Git patch

Comment 3 Chris Steipp 2013-11-14 19:33:03 UTC

This issue was assigned CVE-2013-4573

Comment 4 Chris Steipp 2013-11-14 21:50:57 UTC

Patched in gerrit Ie301c3c27c55dfb0f4d3c653785ad0a35a532a95

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links