group member search not sanitised

Bug #1079498 reported by Melissa Draper
Affects: Mahara
Status: Fix Released
Importance: High
Assigned to: Melissa Draper

Bug Description

Original report:

"if logged in and go to link

http://<wwwroot>/group/members.php?id=2&query=123'%22%3E%3Cscript%3Ealert(1)%3C/script%3Exss

then xss"

Tags: security
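
A regression check for the report above, as an added example that is not Mahara's code or its actual fix: it decodes the `query` value from the reported URL, echoes it into a search-form template with and without output escaping, and parses the result to see whether the markup gained elements. The host `mahara.example`, the form markup and all function names are assumptions; Mahara itself is PHP, and Python is used here only to run the check.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# URL from the report; mahara.example is a placeholder standing in for <wwwroot>.
REPORT_URL = ("http://mahara.example/group/members.php?id=2"
              "&query=123'%22%3E%3Cscript%3Ealert(1)%3C/script%3Exss")


def render_search_form(query, sanitise):
    """Hypothetical stand-in for a member-search form that echoes `query`."""
    # quote=True also escapes ' and ", which matters because the reported
    # value carries both quote characters before the closing '>'.
    value = escape(query, quote=True) if sanitise else query
    return ('<form action="members.php">'
            f'<input type="text" name="query" value="{value}">'
            '</form>')


class Reflection(HTMLParser):
    """Records every start tag seen and the value of the search input."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")


def check(url, sanitise):
    """Return (decoded query, tags found in the page, whether the echo is safe)."""
    query = parse_qs(urlsplit(url).query)["query"][0]
    parser = Reflection()
    parser.feed(render_search_form(query, sanitise))
    parser.close()
    # Safe: only the template's own elements exist and the value round-trips.
    safe = parser.tags == ["form", "input"] and parser.value == query
    return query, parser.tags, safe


if __name__ == "__main__":
    for mode in (False, True):
        print("sanitise =", mode, "->", check(REPORT_URL, mode)[1:])
```

A check of this shape can sit in a test suite and be pointed at any parameter that is echoed back into a page, so a later template change that drops the escaping fails the build.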
Melissa Draper (melissa) wrote :
information type: Private Security → Public Security
Melissa Draper (melissa)
Changed in mahara:
status: Confirmed → Fix Released