cross-site scripting vulnerability in resume blocktype CVE-2009-3299
Bug #463083 reported by
François Marier
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| mahara (Ubuntu) |
Fix Released
|
Undecided
|
François Marier | ||
| Jaunty |
Fix Released
|
Undecided
|
Unassigned | ||
| Karmic |
Fix Released
|
Undecided
|
Unassigned | ||
| Lucid |
Fix Released
|
Undecided
|
François Marier | ||
Bug Description
Binary package hint: mahara
Resume fields displayed from within a view were not being escaped properly. Users could add hostile HTML to their resume, add it to a public view and lure other users to it.
| Changed in mahara (Ubuntu): | |
| assignee: | nobody → François Marier (fmarier) |
Revision history for this message
| François Marier (fmarier) wrote | #1 |
| Changed in mahara (Ubuntu Jaunty): | |
| status: | New → In Progress |
| Changed in mahara (Ubuntu Karmic): | |
| status: | New → In Progress |
| Changed in mahara (Ubuntu Lucid): | |
| status: | New → Confirmed |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in mahara (Ubuntu Lucid): | |
| status: | Confirmed → Fix Released |
| Changed in mahara (Ubuntu Jaunty): | |
| status: | In Progress → Fix Released |
| Changed in mahara (Ubuntu Karmic): | |
| status: | In Progress → Fix Released |
| visibility: | private → public |
To post a comment you must log in.
(see debdiffs in LP #463082)