#8854 closed bug (notabug)
Reflective XSS - http://jqueryui.com/themeroller/
| Reported by: | omerta | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | 1.10.0 |
| Component: | ui.core | Version: | 1.9.1 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
jqueryui.com/themeroller is vulnerable to reflected XSS attacks:
http://jqueryui.com/themeroller/#"><script>alert(document.domain);</script>
Verified on: Google Chrome - Version 23.0.1271.64 Firefox 17.0
Change History (3)
comment:1 follow-up: 2 Changed 10 years ago by
| Resolution: | → notabug |
|---|---|
| Status: | new → closed |
comment:2 Changed 10 years ago by
Replying to scott.gonzalez:
I do not understand why this was resolved to "notabug". It appears a GitHub issue was created for it, indicating that there is a vulnerability. Maybe it has to do with this being a vulnerability in the web application and not the jQuery API in general...
comment:3 Changed 10 years ago by
notabug means that the issue reported is not a bug in the code tracked by this bug tracker. This bug tracker is solely for the jQuery UI library, not for any associated sites, which is why I opened the issue on GitHub.
Thanks for reporting it.
Note: See
TracTickets for help on using
tickets.
https://github.com/jquery/download.jqueryui.com/issues/61