Cross site Scripting (XSS) Vulnerability in Mahara 1.6

Bug #1091764 reported by M.R.Vignesh Kumar on 2012-12-18
This bug affects 1 person
Affects    Status    Importance    Assigned to    Milestone
Mahara               High          Aaron Wells
1.6                  High          Aaron Wells

Bug Description

Hi Mahara Security Team,

I have found a Persistent/Stored Cross site scripting (XSS) vulnerability in Mahara version 1.6.

What is Cross site scripting (XSS): http://en.wikipedia.org/wiki/Cross-site_scripting

The vulnerability exists in the following link:
http://demo.mahara.org/artefact/internal/notes.php

For example, in a note such as http://demo.mahara.org/artefact/internal/editnote.php?id=1XX, the "Note Title" is thrown with an XSS vector such as "><img src=x onerror=prompt(1);> or <script>alert(/xss/);</script>.

When the notes page (http://demo.mahara.org/artefact/internal/notes.php) is loaded, the payload in the title triggers the XSS since it is not sanitized.

Fix it as soon as possible.
Thanks.

M.R.Vignesh Kumar (@vigneshkumarmr)

Tags: xss
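
The report above describes a stored note title being written into the notes list without output escaping. The following is an added example, not Mahara's code and not part of the original report: a hypothetical list renderer shown unescaped and escaped, with a check that parses the output and counts elements created by the two titles quoted in the report. The function names, the row layout and the assumption that the title appears in both an attribute and a text node are illustrative.

```php
<?php
// Added example: hypothetical notes-list renderer, not Mahara's own code.

// Constructed sample rows; the first two titles are the vectors quoted in the report.
$notes = [
    ['id' => 1, 'title' => '"><img src=x onerror=prompt(1);>'],
    ['id' => 2, 'title' => '<script>alert(/xss/);</script>'],
    ['id' => 3, 'title' => 'Reading list & ideas'],
];

// Before: the stored title is concatenated into attribute and text context as-is.
function render_row_unsafe(array $note): string {
    return '<li><a href="editnote.php?id=' . (int)$note['id']
         . '" title="' . $note['title'] . '">' . $note['title'] . '</a></li>';
}

// Escape for HTML at output time; ENT_QUOTES covers both quote styles in attributes.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: the same row with the title escaped in both contexts.
function render_row_safe(array $note): string {
    return '<li><a href="editnote.php?id=' . (int)$note['id']
         . '" title="' . h($note['title']) . '">' . h($note['title']) . '</a></li>';
}

// Regression check: parse the rendered list and count elements that a
// note title must never be able to create.
function count_injected(string $rows): int {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate the malformed unsafe markup
    $doc->loadHTML('<ul>' . $rows . '</ul>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('img')->length
         + $doc->getElementsByTagName('script')->length;
}

$unsafe = implode('', array_map('render_row_unsafe', $notes));
$safe   = implode('', array_map('render_row_safe', $notes));

printf("unsafe render: %d injected element(s)\n", count_injected($unsafe));
printf("safe render:   %d injected element(s)\n", count_injected($safe));
```

The escaped render keeps the title text readable on the page while the parser sees no img or script element; the same count can be used as a regression test against any list template that prints user-supplied titles.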
description: updated
Melissa Draper (melissa) on 2013-02-15
Changed in mahara:
milestone: none → 1.5.8
Melissa Draper (melissa) on 2013-02-15
Changed in mahara:
status: New → Fix Released
importance: Undecided → High
assignee: nobody → Aaron Wells (u-aaronw)
information type: Private Security → Public Security
Melissa Draper (melissa) on 2013-02-19
no longer affects: mahara/1.7
This report contains Public Security information
Everyone can see this security related information.
