XSS using user uploaded SVG files
Bug #1061980 reported by
Hugh Davenport
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Critical
|
Hugh Davenport | ||
1.4 |
Fix Released
|
Critical
|
Hugh Davenport | ||
1.5 |
Fix Released
|
Critical
|
Hugh Davenport |
Bug Description
I have come across a serious security issue on Mahara version 1.5 which can
allow an attacker to store malicious script on latest version of Mahara.
*Testing Environent:*
*
Operating System:* Windows 7 (32-bit)
*Web Server: *WAMP v2.2
*Browser:* Mozilla Firefox v15.0.1
*Vulnerable Path URL Location:* http://
*Description*: I uploaded a SVG file with malicious payload, Since there
was no validation of the malicious content, I was successful to upload a
file with malicous script.
Kindly find the screenshots as an attachment along with this mail.
I request you to kindly implement proper sanitization for handling file
contents.
Thank You.
CVE References
Changed in mahara: | |
status: | Confirmed → In Progress |
visibility: | private → public |
Changed in mahara: | |
status: | In Progress → Fix Released |
To post a comment you must log in.
Confirmed for all versions back to 1.2, patches are available and will be uploaded in the next few days