XSS in collection title when viewing on matrix page
Bug #1819547 reported by Robert Lyon
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Mahara | Fix Released | High | Robert Lyon | |
17.10 | Fix Released | High | Unassigned | |
18.04 | Fix Released | High | Unassigned | |
18.10 | Fix Released | High | Unassigned | |
19.04 | Fix Released | High | Robert Lyon | |
Bug Description
This is an oversight in the collection nav system when we added smart evidence and have collection nav display on the matrix page. The collection name is not being escaped.
To test:
1) Have smart evidence turned on for an institution
2) Create a collection and give it a title/name like: <script>
3) Add pages to the collection
4) Make sure to assign a SmartEvidence option to the collection
5) Visit the collection matrix page - you should get an alert pop-up displaying
We just need to escape the collection title before passing it to the collectionnav.tpl
Thanks to Kirtikumar Anandrao Ramchandani for reporting it.
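The fix described above, escaping the collection title before it reaches the template, sketched as an added example (not part of the original report and not Mahara's code). `render_collection_nav()` is a hypothetical stand-in for a template that prints its variable raw; the other function names and the sample titles are constructed, and PHP's built-in `htmlspecialchars()` does the escaping.

```php
<?php
// Added illustration; not Mahara source. All function names are hypothetical.

// Stand-in for a template that prints the collection name exactly as received.
function render_collection_nav(array $data): string {
    return '<nav class="collection-nav"><h2>' . $data['collectionname'] . '</h2></nav>';
}

// Before: the raw title is handed to the template.
function nav_data_unescaped(string $name): array {
    return ['collectionname' => $name];
}

// After: the title is HTML-escaped once, just before it is passed on.
// ENT_QUOTES also encodes ' and ", so the value stays inert if the template
// later reuses it inside an attribute.
function nav_data_escaped(string $name): array {
    return ['collectionname' => htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')];
}

// True when the rendered navigation still carries a title with HTML
// metacharacters in its raw, unencoded form.
function title_is_live_markup(string $html, string $title): bool {
    return $title !== htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        && strpos($html, $title) !== false;
}

// Constructed sample titles: markup, ordinary punctuation, plain text.
$titles = ['<script>alert(1)</script>', 'Tom & Jerry "drafts"', 'Portfolio 2019'];

foreach ($titles as $t) {
    $before = render_collection_nav(nav_data_unescaped($t));
    $after  = render_collection_nav(nav_data_escaped($t));
    // Regression check: the escaped path must never emit the raw title.
    if (title_is_live_markup($after, $t)) {
        throw new RuntimeException("escaped path still emits raw title: $t");
    }
    printf("%s\n  unescaped path emits raw markup: %s\n  escaped output: %s\n",
        $t, title_is_live_markup($before, $t) ? 'yes' : 'no', $after);
}
```

If the template layer already escapes this variable, escaping again in PHP would double-encode it, so the escaping belongs in exactly one place.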
CVE References
Information type: Private Security → Public Security
CVE number has been requested and will be posted once available.