New issue
Advanced search Search tips

Issue 91522 link

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 91218
Owner:
Closed: Aug 2011
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 0
Type: Bug-Security

Restricted
  • Only users with Commit permission may comment.



Sign in to add a comment

Security: XSS in AppCache Internals

Reported by juhon...@gmail.com, Aug 3 2011

Issue description

VULNERABILITY DETAILS
A cross-site scripting issue in the appcache-internals page.

VERSION
Chrome Version: 14.0.835.15 dev
Operating System: Ubuntu 10.04 LTS

REPRODUCTION CASE
chrome://appcache-internals/?view-entry=0|aHR0cDovLy4jPjxzY3JpcHQ+YWxlcnQoJ1hTUycpPC9zY3JpcHQ=|0

The payload is between the two vertical bars. It's a base64-encode of the following: http://.#><script>alert('XSS')</script
 
Mergedinto: 91218
Owner: tsepez@chromium.org
Status: Duplicate
Thanks for the report.
I'm pretty sure this is a duplicate of  bug 91218 , which Tom fixed recently.

Tom also added a CSP policy to that page so this should never happen again :)
Project Member

Comment 2 by bugdroid1@chromium.org, Oct 13 2012

Labels: Restrict-AddIssueComment-Commit
Mergedinto: chromium:91218
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member

Comment 3 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Type-Security Type-Bug-Security
Project Member

Comment 4 by bugdroid1@chromium.org, Mar 11 2013

Labels: -Area-Undefined
Project Member

Comment 5 by bugdroid1@chromium.org, Mar 13 2013

Labels: Restrict-View-EditIssue
Project Member

Comment 6 by ClusterFuzz, Feb 6 2014

Labels: -Restrict-View-SecurityTeam -Restrict-View-EditIssue
Bulk update: removing view restriction from closed bugs.
Labels: allpublic

Sign in to add a comment