Misconfigured DNS allows same-site-scripting
We got a bug report at HackerOne which I am not sure what to do about. Here it is to get input from our sysadmins (who need to fix it anyway, in case it's deemed valid):
Same site scripting
I have found an error of some misconfigured DNS in a subdomain of yours which causes same site scripting.
Steps To Reproduce:
Step 1 : Go to terminal or cmd
Step 2 : Now type host localhost.torproject.org
Step 3 : Now you can see the response from localhost 127.0.0.1
Step 4 : This leads to Same site scripting
Reference :
http://www.securityfocus.com/archive/1/486606/30/0/threaded
Solution:
Kindly remove DNS record from nameserver or use that subdomain.
Impact
Same site scripting may lead to internal DOS
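
An added example, not part of the ticket or the HackerOne report: a defender-side audit that scans zone-file text for A/AAAA records pointing at loopback, which is the condition reported for localhost.torproject.org. The zone data below is constructed (example.org), the function name is hypothetical, and the parser assumes simple one-line records.

```python
import ipaddress

# Constructed sample zone data for illustration (not the torproject.org zone).
SAMPLE_ZONE = """\
$ORIGIN example.org.
$TTL 3600
@          IN SOA ns1.example.org. hostmaster.example.org. 1 7200 3600 1209600 3600
@          IN NS  ns1.example.org.
www        IN A     192.0.2.10
localhost  IN A     127.0.0.1
dev   300  IN AAAA  ::1
mail       IN A     192.0.2.25
; a comment line
loop.example.org. IN A 127.53.0.1
"""

def find_loopback_records(zone_text):
    """Return (fqdn, rtype, address) for each A/AAAA record in loopback space."""
    origin, last_owner, findings = "", "@", []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1]
            continue
        if fields[0].startswith("$"):        # $TTL, $INCLUDE, ...
            continue
        # A line starting with whitespace inherits the previous owner name.
        owner = last_owner if line[0].isspace() else fields[0]
        last_owner = owner
        if len(fields) < 3 or fields[-2].upper() not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(fields[-1])
        except ValueError:
            continue
        if addr.is_loopback:                 # 127.0.0.0/8 or ::1
            if owner == "@":
                fqdn = origin
            elif owner.endswith("."):
                fqdn = owner
            else:
                fqdn = owner + "." + origin
            findings.append((fqdn, fields[-2].upper(), str(addr)))
    return findings

if __name__ == "__main__":
    for fqdn, rtype, addr in find_loopback_records(SAMPLE_ZONE):
        print(f"loopback record: {fqdn} {rtype} {addr}")
```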