Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#8854 closed bug (notabug)

Reflective XSS -

Reported by: omerta Owned by:
Priority: minor Milestone: 1.10.0
Component: ui.core Version: 1.9.1
Keywords: Cc:
Blocked by: Blocking:

Description is vulnerable to reflected XSS attacks:"><script>alert(document.domain);</script>

Verified on: Google Chrome - Version 23.0.1271.64 Firefox 17.0

Change History (3)

comment:1 Changed 10 years ago by Scott González

Resolution: notabug
Status: newclosed

comment:2 in reply to:  1 Changed 10 years ago by omerta

Replying to scott.gonzalez:

I do not understand why this was resolved to "notabug". It appears a GitHub issue was created for it, indicating that there is a vulnerability. Maybe it has to do with this being a vulnerability in the web application and not the jQuery API in general...

comment:3 Changed 10 years ago by Scott González

notabug means that the issue reported is not a bug in the code tracked by this bug tracker. This bug tracker is solely for the jQuery UI library, not for any associated sites, which is why I opened the issue on GitHub.

Thanks for reporting it.

Note: See TracTickets for help on using tickets.