oss-sec mailing list archives

XSS in roundup bug tracker 404 page


From: Hanno Böck <hanno () hboeck de>
Date: Fri, 5 Apr 2019 11:45:01 +0200

Hi,

I recently discovered that the Python bug tracker had a trivial
reflected Cross-Site Scripting vulnerability on the 404 error page.

It essentially just reflected the URL path, so anything like
http://hostname/<img src=x onerror=alert(1)>
(properly URL-encoded, but browsers do this automatically)
would result in XSS.

The software Python is using here is the Roundup issue tracker; it's
been reported there as well [2] and fixed in their repo (but no release
yet).

[1] https://github.com/python/bugs.python.org/issues/34
[2] https://issues.roundup-tracker.org/issue2551035

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
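To make the reported defect concrete, here is an added Python example that is not Roundup's code and not part of the original post: a hypothetical 404 handler that reflects the decoded request path into the page body unescaped, beside a hardened version that HTML-escapes it, and a small check a reviewer could run against either. The request path is a constructed sample shaped like the one described above; the function names are assumptions.

```python
import html
from urllib.parse import unquote

# Constructed sample request path, URL-encoded the way a browser would send it.
SAMPLE_PATH = "/%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"


def not_found_page_vulnerable(path: str) -> str:
    """Hypothetical 404 handler with the defect the post describes:
    the decoded path is interpolated into HTML without escaping."""
    decoded = unquote(path)
    return (
        "<html><body><h1>404 Not Found</h1>"
        f"<p>There is no page at {decoded}</p>"
        "</body></html>"
    )


def not_found_page_fixed(path: str) -> str:
    """Hardened handler: every untrusted value that lands in an HTML
    text node or attribute is escaped first (quote=True also covers
    the attribute case, so the same helper is safe in both contexts)."""
    decoded = unquote(path)
    return (
        "<html><body><h1>404 Not Found</h1>"
        f"<p>There is no page at {html.escape(decoded, quote=True)}</p>"
        "</body></html>"
    )


def reflects_unescaped_markup(page: str, path: str) -> bool:
    """Review check: True when the decoded path contains markup characters
    and that exact decoded string appears verbatim in the rendered page,
    i.e. the handler reflected it without escaping."""
    decoded = unquote(path)
    return "<" in decoded and decoded in page


if __name__ == "__main__":
    for name, handler in (("vulnerable", not_found_page_vulnerable),
                          ("fixed", not_found_page_fixed)):
        page = handler(SAMPLE_PATH)
        print(f"{name}: reflects unescaped markup = "
              f"{reflects_unescaped_markup(page, SAMPLE_PATH)}")
```

The fix is the usual one for reflected XSS in server-rendered templates: escape at the output boundary, not at input time, so the same path value stays intact for logging and routing while the HTML response never contains raw tag characters from the request.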
