Date: Fri, 23 Dec 2022 11:53:03 +0000
From: bugzilla-noreply@freebsd.org
To: doc@FreeBSD.org
Subject: [Bug 268525] XSS vulnerability in FreeBSD Manual Pages
Message-ID: <bug-268525-9@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268525

Bug ID: 268525
Summary: XSS vulnerability in FreeBSD Manual Pages
Product: Documentation
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Website
Assignee: doc@FreeBSD.org
Reporter: 12un91h9.hello@gmail.com

Vuln: XSS Cross-site script

Description:
XSS appears in FreeBSD Manual Pages when a visitor does the following actions:
1. Search any command
2. Click "apropos" button beside "man" button
3. Concat the previous query param in the URL with " autofocus onfocus="alert(1)

Evidence link:
https://www.freebsd.org/cgi/man.cgi?apropos=1&arch=default&format=html&manpath=FreeBSD%2014.0-CURRENT&query=id%22autofocus%20onfocus=%22alert(1)&sektion=0

--
You are receiving this mail because:
You are the assignee for the bug.
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-268525-9>
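
Added example, not part of the original report and not man.cgi's own code: a check that shows why the reported query value escapes a double-quoted attribute and how attribute-context escaping contains it. The input element template and all function names are assumptions; only the evidence URL comes from the report.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Evidence URL quoted in the report above.
EVIDENCE = ("https://www.freebsd.org/cgi/man.cgi?apropos=1&arch=default"
            "&format=html&manpath=FreeBSD%2014.0-CURRENT"
            "&query=id%22autofocus%20onfocus=%22alert(1)&sektion=0")

# Assumed template: the search form echoes the query into a quoted attribute.
TEMPLATE = '<input type="text" name="query" value="%s">'

def query_param(url):
    """Return the decoded 'query' parameter of a man.cgi URL."""
    return parse_qs(urlsplit(url).query)["query"][0]

def render_unsafe(query):
    """Reflect the value verbatim: a literal " ends the value attribute."""
    return TEMPLATE % query

def render_safe(query):
    """Escape for attribute context: " becomes &quot; and stays inside value."""
    return TEMPLATE % html.escape(query, quote=True)

class _InputAttrs(HTMLParser):
    """Collect the attributes of the <input> element as a parser sees them."""
    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)

def input_attrs(markup):
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs

def injected_attrs(markup, allowed=("type", "name", "value")):
    """Attributes on the rendered element that the template never declared."""
    return sorted(name for name in input_attrs(markup) if name not in allowed)

if __name__ == "__main__":
    q = query_param(EVIDENCE)
    print("unsafe:", injected_attrs(render_unsafe(q)))
    print("safe:  ", injected_attrs(render_safe(q)))
```

The same `injected_attrs` check can serve as a regression test for any template that reflects request parameters into attributes.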
