
Re: XSS Vulnerability in W3C

From: Antonio Olmo Titos <antonio@w3.org>
Date: Thu, 31 May 2018 10:03:08 +0200
To: Sultan AlHussaini <sultan.alhussaini@outlook.com>
Cc: site-comments <site-comments@w3.org>
Message-ID: <6a946f29-e488-6f77-f6c7-31746e7a6a8c@w3.org>
On 30/05/18 Sultan AlHussaini wrote:
> Dear W3 staff,
> As you are trying to develop websites and provide everything useful
> and the best services to the world, I would also like to provide a
> simple service to you. Actually, I have discovered an XSS (reflected)
> vulnerability in this URL
> https://validator.w3.org/i18n-checker/check?uri=
> (the attached picture proves this) by doing a manual test, and I didn’t go
> further than testing. Therefore, let the security team check and
> patch it, and please let me know if you need any help.
> I apologize to you if there is any breach of your policy, but I tried
> to keep your site secure.
> Note: I am new in the penetration testing (white hat) world, so it’s nice
> to hear some words from you which support me in my field :)
> Best regards,

Dear Sultan,

many thanks for reporting this.
We fixed the issue:
https://github.com/w3c/i18n-checker/pull/76

(In the future, please direct such helpful feedback related to security
to this other address instead: sysreq@w3.org .)

Best regards and thank you again,

-- 
Antonio Olmo Titos — web developer, W3C
antonio@w3.org · https://w3.org/People/Antonio
Received on Thursday, 31 May 2018 08:03:29 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 31 May 2018 08:03:35 UTC