
[tor-bugs] #28681 [- Select a component]: reflected XSS metrics.torproject.org



#28681: reflected XSS metrics.torproject.org
-------------------------------------+-------------------------------------
 Reporter:  0x539h                   |          Owner:  (none)
     Type:  defect                   |         Status:  new
 Priority:  High                     |      Component:  - Select a
                                     |  component
  Version:  sbws: unspecified        |       Severity:  Major
 Keywords:  xss, cross-site          |  Actual Points:
  scripting                          |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:  Sponsor2
-------------------------------------+-------------------------------------
 Hello! I have found a reflected XSS vulnerability on a subdomain of
 torproject.
 You should fix it :) A screenshot with an easy exploit is attached to the ticket.
 If it is possible, I will be proud to get one more sticker pack ^^ .

 {{{
 https://metrics.torproject.org/rs.html#search/1337%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E
 }}}
 The vector is:

 **"><img src=x onerror=alert(1)>**

 P0W3RING D1G1T4L R3S1S74NC3!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28681>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
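
The leading `">` in the reported vector closes a quoted attribute before opening a new tag. The following is an added example, not part of the ticket and not Relay Search's own code: it assumes a hash-routed page that writes the `#search/<term>` value into an input's `value` attribute, and shows that hypothetical unescaped rendering beside an escaped one. All function names are illustrative.

```javascript
// Constructed model of a hash-routed search box; not the project's code.

// Extract the search term from a fragment such as "#search/<term>".
function searchTermFromHash(hash) {
  const m = /^#search\/(.*)$/s.exec(hash);
  if (!m) return null;
  try {
    return decodeURIComponent(m[1]);
  } catch (e) {
    return m[1]; // malformed percent-encoding: keep raw text, still untrusted
  }
}

// Escape the characters significant in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical "before": the term is concatenated into the attribute as-is.
function renderSearchBoxUnsafe(term) {
  return '<input type="text" name="q" value="' + term + '">';
}

// Hardened: the term is escaped for the attribute context first.
function renderSearchBox(term) {
  return '<input type="text" name="q" value="' + escapeHtml(term) + '">';
}

// Rough regression check: how many tags would the markup open?
function countTagOpeners(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Fragment taken from the URL in the ticket.
const TICKET_HASH = '#search/1337%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E';

function demo() {
  const term = searchTermFromHash(TICKET_HASH);
  return {
    term,
    unsafeTags: countTagOpeners(renderSearchBoxUnsafe(term)), // input + injected img
    safeTags: countTagOpeners(renderSearchBox(term)),         // input only
    safeHtml: renderSearchBox(term),
  };
}

console.log(demo());
```

In a browser, assigning the term through `element.value`, `textContent` or `setAttribute` avoids building markup from strings at all.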