Persistent XSS on code.launchpad.net

Bug #911632 reported by David
Affects: Launchpad itself
Status: Fix Released
Importance: Critical
Assigned to: Richard Harding
Milestone: (none)

Bug Description

A user's full name is shown un-escaped on their code.launchpad.net profile page, thus providing a persistent XSS vector.
For example, the profile of the user I just created with the username "ohnoes" and full name "/><script>alert(3);</script>" can be found at
https://code.launchpad.net/~ohnoes (by going to that page you will see an alert box with the number 3 in it).
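The defect described in the report is output encoding, not input validation: a display name is a free-form string, and it is only dangerous at the moment it is written into HTML without escaping. The example below is added here and is not Launchpad's code; the two render functions and the profile markup are hypothetical, and the sample name is the one quoted in this report. It shows the vulnerable interpolation beside the hardened form (escaping for both the text-node and attribute contexts with Python's standard html.escape) and a crude detector a reviewer can run over rendered output to spot a raw script element.

```python
import html
import re

# Constructed sample input: the full name from this bug report. In a raw
# interpolation it terminates the surrounding markup and injects a script.
MALICIOUS_FULL_NAME = "/><script>alert(3);</script>"


def render_profile_unescaped(username: str, full_name: str) -> str:
    """Vulnerable pattern (hypothetical markup): the user-controlled name is
    written straight into an attribute and into a text node."""
    return f'<h1 class="profile" title="{full_name}">{full_name} (~{username})</h1>'


def render_profile_escaped(username: str, full_name: str) -> str:
    """Hardened form: every user-controlled value is HTML-escaped at the point
    of output. quote=True also encodes " and ' so the value is safe inside a
    double-quoted attribute as well as in a text node."""
    safe_name = html.escape(full_name, quote=True)
    safe_user = html.escape(username, quote=True)
    return f'<h1 class="profile" title="{safe_name}">{safe_name} (~{safe_user})</h1>'


# Matches an actual <script ...> tag, case-insensitively; an escaped name will
# only ever contain the entity form "&lt;script&gt;", which does not match.
_SCRIPT_ELEMENT = re.compile(r"<script\b", re.IGNORECASE)


def contains_script_element(markup: str) -> bool:
    """Rough review-time check: does the rendered markup contain a real
    script element? Not a parser, but enough to flag the pattern from the bug."""
    return _SCRIPT_ELEMENT.search(markup) is not None


def displayed_text(markup_fragment: str) -> str:
    """Decode entities back to the text a browser would *display* for the
    escaped fragment, to show the original name survives escaping intact."""
    return html.unescape(markup_fragment)


if __name__ == "__main__":
    for label, render in (("unescaped", render_profile_unescaped),
                          ("escaped", render_profile_escaped)):
        out = render("ohnoes", MALICIOUS_FULL_NAME)
        print(f"{label:9s} script element present: {contains_script_element(out)}")
        print("          ", out)
```

The escaped variant still displays the name exactly as entered (html.unescape of the escaped fragment returns the original string), which is why escaping on output is the right fix and stripping characters from the name is not. Template engines that auto-escape by default (or Zope's TAL `structure`-vs-text distinction, which Launchpad uses) give the same guarantee as long as the raw-output path is never taken for user data.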

Tags: qa-ok

William Grant (wgrant)
Changed in launchpad:
importance: Undecided → Critical
status: New → Triaged
Changed in launchpad:
assignee: nobody → Richard Harding (rharding)
status: Triaged → In Progress
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
William Grant (wgrant)
tags: added: qa-ok
removed: qa-needstesting
Steve Kowalik (stevenk)
Changed in launchpad:
status: Fix Committed → Fix Released
David (d--)
visibility: private → public
This report contains Public Security information  
Everyone can see this security related information.
