XSS vulnerability affecting wiki.gimp.org website
Submitted by Aman Mahendra
Assigned to The GIMP web bugs mail alias
Link to original bug (#784030)
Description
Created attachment 354143 Screenshot of bug
Hey there, I have found a cross-site scripting vulnerability in your GIMP website.
The vulnerable link is https://wiki.gimp.org/thumb.php?f="Payload"
In place of payload, paste this without quotes: x%23<body%09onmousemove=confirm(document.domain)>
After pasting it in the address bar, hit Enter, then move the mouse on the page. The page reflects the domain of the website. I used the Mozilla browser.
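A defender-side check for the request pattern in this report, added here as an example and not part of the original bug report or of the site's code: it scans access-log lines for thumb.php requests whose percent-decoded f parameter carries markup. The log format, the sample lines and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Markup that has no place in a thumbnail file-name parameter: an opening
# tag, or an inline event-handler attribute (onmousemove=, onerror=, ...).
TAG = re.compile(r"<\s*[a-zA-Z!/]")
HANDLER = re.compile(r"(?:^|[\s/\"'])on[a-z]+\s*=", re.IGNORECASE)
# Request URI inside a combined-format access-log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def suspicious_f_param(request_uri):
    """Return the decoded `f` value if it carries markup, else None."""
    parts = urlsplit(request_uri)
    if not parts.path.endswith("/thumb.php"):
        return None
    # parse_qsl percent-decodes, so %09 becomes a tab and %23 becomes '#'.
    # Matching on the raw URI would miss the tab used in place of a space.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "f" and (TAG.search(value) or HANDLER.search(value)):
            return value
    return None

def scan(log_lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if match:
            value = suspicious_f_param(match.group(1))
            if value is not None:
                hits.append((number, value))
    return hits

# Constructed sample lines (documentation IP range, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /thumb.php?f=Wilber.png&w=120 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /thumb.php?f=x%23%3Cbody%09onmousemove=confirm(document.domain)%3E '
    'HTTP/1.1" 200 812',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /index.php?title=Main_Page HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: markup in f parameter: {value!r}")
```

A hit only shows that markup was sent; whether it was reflected depends on how the server encodes the value in its response.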