Firefox cross-site scripting issue
#1
I have a company testing our websites and they are reporting an issue with cross-site scripting with Firefox 71.0. (Note: I also tested this with Chrome and it does not have the same problem.)

It was tested with iw 15.2.15.

Here are the steps that they gave me to reproduce the issue.

-----------

The "callback", "ajaxevent" and "ArowId" parameters found on https://server.domain.com/providers/IsPr...;/callback can be modified to include executable JavaScript.

Browser used for testing: Firefox/71.0

Steps to reproduce:

1. Open Proof of Concept URL in specified browser.
2. The XSS injection will run and display a popup window.

Proof of Concept:

https://server.domain.com/providers/IsPr...alert``%3e
Reply
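An added example, not part of the original post and not IntraWeb's own code: a server-side allow-list check for the three parameters named in the report, next to a deny-list that the backtick form seen at the end of the proof-of-concept URL passes straight through. The allowed patterns, the function names and both sample query strings are assumptions made up for this illustration.

```python
import re
from urllib.parse import parse_qs

# Parameter names are the ones named in the report; the patterns for what
# each may legitimately contain are assumptions for this illustration.
ALLOWED = {
    "callback": re.compile(r"[A-Za-z_][A-Za-z0-9_.]{0,63}"),
    "ajaxevent": re.compile(r"[A-Za-z][A-Za-z0-9_]{0,31}"),
    "ArowId": re.compile(r"[0-9]{1,10}"),
}

# A deny-list of the kind often tried first, kept here to show why it fails.
DENYLIST = re.compile(r"<script|javascript:|\(|\)", re.IGNORECASE)

# Constructed sample inputs (not taken from the truncated URLs in the post).
GOOD_QUERY = "callback=IWButton1.DoOnAsyncClick&ajaxevent=Click&ArowId=12"
# Echoes only the tail visible in the report: backticks instead of
# parentheses, and %3e for ">".
BAD_QUERY = "callback=cb%3calert%60%60%3e&ajaxevent=Click&ArowId=12"


def denylist_ok(query: str) -> bool:
    """True if no decoded value matches the deny-list (the weak check)."""
    params = parse_qs(query, keep_blank_values=True)
    return not any(DENYLIST.search(v) for vs in params.values() for v in vs)


def rejected_params(query: str) -> list[str]:
    """Names of checked parameters with any value outside the allow-list.

    parse_qs percent-decodes and keeps every occurrence of a repeated
    parameter, so a clean first value cannot hide a second, tampered one.
    """
    params = parse_qs(query, keep_blank_values=True)
    bad = set()
    for name, pattern in ALLOWED.items():
        for value in params.get(name, []):
            if not pattern.fullmatch(value):
                bad.add(name)
    return sorted(bad)


if __name__ == "__main__":
    for q in (GOOD_QUERY, BAD_QUERY):
        print(q, "| deny-list ok:", denylist_ok(q),
              "| rejected:", rejected_params(q))
```

Validation like this narrows what reaches the page; values that are echoed back still need encoding for the context they are written into.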


Messages In This Thread
Firefox cross-site scripting issue - by joelcc - 10-05-2020, 07:41 PM
RE: Firefox cross-site scripting issue - by kudzu - 10-14-2020, 04:44 PM
RE: Firefox cross-site scripting issue - by zsleo - 10-14-2020, 07:00 PM
