tracker issue : CF-4184671

select a category, or use search below
(searches all categories and all time range)

'"></title><InvalidTag>alert(document.cookie)</script>'"><marquee><h1>XSS Sami</h1></marquee>

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/CannotReproduce

Reporter/Name(from Bugbase): Drif Sami / Drif Sami (Drif Sami)

Created: 08/28/2016

Components: Security

Versions: 2016

Failure Type:

Found In Build/Fixed In Build: CF2016_Update1 /

Priority/Frequency: Major / Most users will encounter

Locale/System: ALL / Android 2.x

Vote Count: 0

'"></title><InvalidTag>alert(document.cookie)</script>'"><marquee><h1>XSS Sami</h1></marquee>

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4184671

Reason:	PRNeedInfo

External Customer Info:
External Company:  
External Customer Name: Drif Sami
External Customer Email:  
External Test Config: '"></title><InvalidTag>alert(document.cookie)</script>'"><marquee><h1>XSS Sami</h1></marquee>


  1. August 29, 2016 00:00:00: 1_xss.gif


'"></title><InvalidTag>alert(document.cookie)</script>'"><marquee><h1>XSS Sami</h1></marquee>
Comment by External U.
1937 | August 28, 2016 07:45:54 PM GMT
Sami, could we have more details on this? Is there a specific input field where this value is processed? We have fixed a handful of issues on Update 2, and will be fixing more such issues in the upcoming updates.
Comment by Immanuel N.
1938 | August 31, 2016 11:38:16 PM GMT
\',yz123"><img src=x onerror=prompt("XSS")>
Comment by External U.
1939 | September 05, 2016 07:42:21 PM GMT
Hi Sami, Could you also mention the pages where you are able to hit this attack. Thanks!
Comment by S P.
1940 | September 05, 2016 11:25:14 PM GMT