#8854 closed bug (notabug)
Opened November 26, 2012 02:08PM UTC
Closed November 26, 2012 03:46PM UTC
Last modified November 26, 2012 03:55PM UTC
Reflective XSS - http://jqueryui.com/themeroller/
Reported by: | omerta | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | 1.10.0 |
Component: | ui.core | Version: | 1.9.1 |
Keywords: | | Cc: | |
Blocked by: | | Blocking: | |
Description
jqueryui.com/themeroller is vulnerable to reflected XSS attacks:
http://jqueryui.com/themeroller/#"><script>alert(document.domain);</script>
Verified on:
Google Chrome - Version 23.0.1271.64
Firefox 17.0
http://pwnetrationguru.com/blog
Attachments (0)
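The URL in the description puts `"><script>` in the fragment, which is the shape of an attribute breakout. The sketch below is an added example, not code from jqueryui.com or from this ticket; it assumes the page copied the fragment into an `href` attribute of string-built markup, and every function name in it is hypothetical.

```javascript
// Added example, not jqueryui.com code; all function names are hypothetical.
// Assumption: the page copies the URL fragment into an attribute of markup
// that is assembled as a string and then parsed as HTML.

// Return the fragment without '#', percent-decoded when it is well-formed.
function fragmentOf(url) {
  const i = url.indexOf('#');
  if (i === -1) return '';
  const raw = url.slice(i + 1);
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return raw; // malformed percent-escape: keep the raw text
  }
}

// Before: the fragment reaches the markup unchanged, so '"' ends the
// attribute and '>' ends the tag; the rest is parsed as new elements.
function renderUnsafe(url) {
  return '<a href="#' + fragmentOf(url) + '">Permalink</a>';
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that can end an attribute value or open a tag.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// After: the fragment stays inside the href value whatever it contains.
function renderSafe(url) {
  return '<a href="#' + escapeHtml(fragmentOf(url)) + '">Permalink</a>';
}

// The URL from the ticket description, and a percent-encoded variant (constructed).
const SAMPLES = [
  'http://jqueryui.com/themeroller/#"><script>alert(document.domain);</script>',
  'http://jqueryui.com/themeroller/#%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E',
];

for (const url of SAMPLES) {
  console.log('unsafe:', renderUnsafe(url));
  console.log('safe:  ', renderSafe(url));
}
```

In a browser, creating the element and assigning the value through `setAttribute` or a DOM property removes the string-built markup altogether.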
Change History (3)
Changed November 26, 2012 03:46PM UTC by comment:1
resolution: | → notabug |
---|---|
status: | new → closed |
Changed November 26, 2012 03:52PM UTC by comment:2
Replying to [comment:1 scott.gonzalez]:
https://github.com/jquery/download.jqueryui.com/issues/61
I do not understand why this was resolved to "notabug". It appears a GitHub issue was created for it, indicating that there is a vulnerability. Maybe it has to do with this being a vulnerability in the web application and not the jQuery API in general...
https://github.com/jquery/download.jqueryui.com/issues/61