The Fridge

[XSS] fridge.ubuntu.com

Bug #1427373 reported by Cristi Caloianu on 2015-03-02

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	The Fridge	Fix Released	Undecided	Nick Moffitt

Bug Description

http://fridge.ubuntu.com/wp-content/plugins/audio-player/assets/player.swf?playerID=a\%22%29%29}catch%28e%29{alert%281%29}//

For fix the vulnerability delete player.swf or put 403

See original description

Peter Mahnke (peterm-ubuntu) on 2015-03-03

affects:

ubuntu-website-content → fridge

Revision history for this message

Paul Sladen (sladen) wrote on 2015-03-03:

#1

I got a copy of this; but wow, the Fridge is from a long time ago, and I'm not how/if I have admin access…

Revision history for this message

Daniel Holbach (dholbach) wrote on 2015-03-03:

#2

Paul: I think the Fridge editors (who can add posts in wordpress) are default subscriber of Fridge bugs.

Daniel Holbach (dholbach) on 2015-03-03

Changed in fridge:
status:	New → Fix Released
assignee:	nobody → Nick Moffitt (nick-moffitt)

Revision history for this message

Cristi Caloianu (kronzyalin) wrote on 2015-03-04:

#3

Add me on Hof?

Cristi Caloianu (kronzyalin) on 2015-03-04

information type:	Private Security → Public
description:	updated
summary:	- [XSS] fridge.ubntu.com + [XSS] fridge.ubuntu.com

Revision history for this message

Daniel Holbach (dholbach) wrote on 2015-03-04:

#4

What do you mean by "Add me on Hof?"?

Revision history for this message

Cristi Caloianu (kronzyalin) wrote on 2015-03-04:

#5

Hall of fame :)

Revision history for this message

Daniel Holbach (dholbach) wrote on 2015-03-05:

#6

Ah ok. :)

Revision history for this message

Paul Sladen (sladen) wrote on 2015-03-05:

#7

It appears that:

http://hall-of-fame.ubuntu.com/

vanished. Cristi: did you have another location in mind to be credited? (Can you point us to the link?).

Revision history for this message

Cristi Caloianu (kronzyalin) wrote on 2015-03-05:

#8

http://hall-of-fame.ubuntu.com/ , no work:)

Revision history for this message

Daniel Holbach (dholbach) wrote on 2015-03-05:

#9

Yes, the page is gone.

Revision history for this message

Paul Sladen (sladen) wrote on 2015-03-05:

#10

Yes, as Daniel and myself have both said that URL has gone/finished/vanished.

Where did you want to be listed? (Eg. is there a wiki.ubuntu.com page?)

We *would* like to credit you somewhere for reporting this!

Revision history for this message

Cristi Caloianu (kronzyalin) wrote on 2015-03-05:

#11

Ubuntu don't have a hall of fame page?

Revision history for this message

Cristi Caloianu (kronzyalin) wrote on 2015-03-05:

#12

wiki.ubuntu.com/hall-of-fame is ok.

Revision history for this message

Cristi Caloianu (kronzyalin) wrote on 2015-03-05:

#13

My name is Cristi Caloianu(Kronzy) and site : rstforums.com - Romanian Security Team

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.