[tor-bugs] #28681 [Metrics/Relay Search]: reflected XSS metrics.torproject.org

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 3 19:07:50 UTC 2018


#28681: reflected XSS metrics.torproject.org
---------------------------------------+------------------------------
 Reporter:  0x539h                     |          Owner:  metrics-team
     Type:  defect                     |         Status:  new
 Priority:  Medium                     |      Milestone:
Component:  Metrics/Relay Search       |        Version:
 Severity:  Major                      |     Resolution:
 Keywords:  xss, cross-site scripting  |  Actual Points:
Parent ID:                             |         Points:
 Reviewer:                             |        Sponsor:
---------------------------------------+------------------------------
Changes (by irl):

 * priority:  High => Medium


Comment:

 It is a bug, but it's not particularly scary as there is nothing you can
 get at that would be privileged here.

 0x539h: the code is at
 https://gitweb.torproject.org/metrics-web.git/tree/src/main/resources/web/js/rs

 It would probably be best to clean the inputs in the router:

 https://gitweb.torproject.org/metrics-web.git/tree/src/main/resources/web/js/rs/router.js

 Would you like to make a patch?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28681#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

