Date: Fri, 23 Dec 2022 11:53:03 +0000
From: bugzilla-noreply@freebsd.org
To: doc@FreeBSD.org
Subject: [Bug 268525] XSS vulnerability in FreeBSD Manual Pages
Message-ID: <bug-268525-9@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268525

            Bug ID: 268525
           Summary: XSS vulnerability in FreeBSD Manual Pages
           Product: Documentation
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Website
          Assignee: doc@FreeBSD.org
          Reporter: 12un91h9.hello@gmail.com

Vuln: XSS (cross-site scripting)

Description:
XSS appears in FreeBSD Manual Pages when a visitor does the following actions:
1. Search any command
2. Click the "apropos" button beside the "man" button
3. Concat the previous query param in the URL with " autofocus onfocus="alert(1)

Evidence link:
https://www.freebsd.org/cgi/man.cgi?apropos=1&arch=default&format=html&manpath=FreeBSD%2014.0-CURRENT&query=id%22autofocus%20onfocus=%22alert(1)&sektion=0

-- 
You are receiving this mail because:
You are the assignee for the bug.
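As an added illustration that is not part of the bug report or of man.cgi's own code: the reflection the report describes, rendered into an attribute without escaping and then with HTML attribute escaping, using the report's evidence URL as input. The minimal input-tag template and the set of attributes it declares are assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# The evidence link from the report above; only its "query" parameter is used.
EVIDENCE_URL = ("https://www.freebsd.org/cgi/man.cgi?apropos=1&arch=default&format=html"
                "&manpath=FreeBSD%2014.0-CURRENT&query=id%22autofocus%20onfocus=%22alert(1)&sektion=0")

# Assumed template: the search box is a quoted value attribute on an <input> tag.
# These are the only attributes the template declares; anything else was injected.
TEMPLATE_ATTRS = {"type", "name", "value"}

def query_param(url: str) -> str:
    """Returns the decoded 'query' parameter as the CGI script would receive it."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["query"][0]

def render_unescaped(query: str) -> str:
    """Reflects the parameter verbatim into the attribute (the defect the report describes)."""
    return f'<input type="text" name="query" value="{query}">'

def render_escaped(query: str) -> str:
    """Hardened form: escape &, <, >, \" and ' before placing the value in the attribute."""
    return f'<input type="text" name="query" value="{html.escape(query, quote=True)}">'

_ATTR_RE = re.compile(r'([A-Za-z-]+)(?:="[^"]*")?')

def attribute_names(tag: str) -> list[str]:
    """Crude single-tag scanner: lists the attribute names a browser would see."""
    if not (tag.startswith("<input") and tag.endswith(">")):
        raise ValueError("expected a single <input ...> tag")
    return [m.group(1) for m in _ATTR_RE.finditer(tag[len("<input"):-1])]

def injected_attributes(tag: str) -> list[str]:
    """Attributes present in the rendered tag that the template never declared."""
    return [a for a in attribute_names(tag) if a not in TEMPLATE_ATTRS]

if __name__ == "__main__":
    q = query_param(EVIDENCE_URL)
    print("unescaped:", injected_attributes(render_unescaped(q)))  # ['autofocus', 'onfocus']
    print("escaped:  ", injected_attributes(render_escaped(q)))    # []
```

The escaped rendering keeps the whole query inside the single value attribute, so the closing quote in the input no longer terminates the attribute and no event handler attribute is created.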