Project

General

Profile

Actions
Copy link

Bug #14389

closed

Reflected XSS

Added by TheGirdap (Hamit Cibo) about 6 years ago. Updated about 6 years ago.

Status:
Third Party's Issue
Assignee:
-
Target version:
-
ruby -v:
Backport:
2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN
[ruby-core:85046]

Description

Hello,

Reflected Xss found ..

https://docs.ruby-lang.org/ja/search/query:import/query:callback/%22%3E%3C/title%3Ealert(XSS%20A%C3%A7%C4%B1%C4%9F%C4%B1)%3C/script%3E%3E%3Cmarquee%3E%3Ch1%3EXSSa%C3%A7%C4%B1%C4%9F%C4%B1%3C/h1%3E%3C/marquee%3E%3D

result ;

ss:

search:

search box > ....import+words+payload => reflected xss

https://twitter.com/hamit_cibo

Files

Ekran_Resmi_2018-01-24_01.09.36 (1).png (187 KB) Ekran_Resmi_2018-01-24_01.09.36 (1).png TheGirdap (Hamit Cibo), 01/24/2018 09:13 AM
Actions
Copy link
 #1

Updated by TheGirdap (Hamit Cibo) about 6 years ago

  • File deleted (Ekran_Resmi_2018-01-24_01.09.36 (1).png)
Actions
Copy link
 #3 [ruby-core:85040]

Updated by shevegen (Robert A. Heiler) about 6 years ago

The twitter link above gives me "This account's Tweets are protected.", just
for your information.

Actions
Copy link
 #4 [ruby-core:85042]

Updated by TheGirdap (Hamit Cibo) about 6 years ago

shevegen (Robert A. Heiler) wrote:

The twitter link above gives me "This account's Tweets are protected.", just
for your information.

So what do I have to do?

Actions
Copy link
 #5

Updated by hsbt (Hiroshi SHIBATA) about 6 years ago

  • Status changed from Open to Third Party's Issue

Thank you for your report.

But I know that you already reported other places and shared the upstream information.

It's the issue of rurema-search that is documentation searcher, NOT the ruby language.

Actions
Copy link
 #6 [ruby-core:85110]

Updated by TheGirdap (Hamit Cibo) about 6 years ago

hsbt (Hiroshi SHIBATA) wrote:

Thank you for your report.

But I know that you already reported other places and shared the upstream information.

It's the issue of rurema-search that is documentation searcher, NOT the ruby language.

gift ?

Actions
Copy link
 #7 [ruby-core:85111]

Updated by TheGirdap (Hamit Cibo) about 6 years ago

TheGirdap (Hamit Cibo) wrote:

hsbt (Hiroshi SHIBATA) wrote:

Thank you for your report.

But I know that you already reported other places and shared the upstream information.

It's the issue of rurema-search that is documentation searcher, NOT the ruby language.

gift ?

I see the message now "https://bugs.ruby-lang.org/issues/14389" ..

Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0