Security: XSS in chromepmo.appspot.com
Reported by
tthe.dol...@gmail.com,
Jun 26 2018
|
|||
Issue descriptionHello, I've found an XSS vulnerability in the domain chromepmo.appspot.com. I guess that this has a very low priority and you will maybe not fix it but I still want to inform you about that bug. Feel free to close it and sorry If I am wasting your time. POC: https://chromepmo.appspot.com/history/mstone?branch=master%3Cimg%20src=X%20onerror=alert(document.domain)%3E
,
Jul 17
Thanks for the report. Since inferno@ didn't escalate this, I'm going to assume it's not high priority from a security standpoint and the fix can wait a bit. Given this, we're actively working to turn down the chromepmo.appspot.com application in favor of other tools, so this will be fixed once the chromepmo app is turned off. Thus, I'm going to mark this as WontFix - but, thanks for taking the time to point out the issue, we really appreciate it!
,
Oct 24
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||
►
Sign in to add a comment |
|||
Comment 1 by infe...@chromium.org
, Jun 26 2018Owner: amineer@chromium.org
Status: Assigned (was: Unconfirmed)