Cross site Scripting (XSS) Vulnerability in Mahara 1.6

Bug #1091764 reported by M.R.Vignesh Kumar
| Affects | Status | Importance | Assigned to | Milestone |
|---------|--------|------------|-------------|-----------|
| Mahara | Fix Released | High | Aaron Wells | |
| 1.6 | Fix Released | High | Aaron Wells | |

Bug Description

Hi Mahara Security Team,

I have found a Persistent/Stored Cross site scripting (XSS) vulnerability in Mahara version 1.6.

What is Cross site scripting (XSS): http://en.wikipedia.org/wiki/Cross-site_scripting

The vulnerability exists in the following link:
http://demo.mahara.org/artefact/internal/notes.php

For example, in a note such as http://demo.mahara.org/artefact/internal/editnote.php?id=1XX, the "Note Title" is thrown with an XSS vector such as "><img src=x onerror=prompt(1);> or <script>alert(/xss/);</script>.

When the notes page (http://demo.mahara.org/artefact/internal/notes.php) is loaded, the payload in the title triggers the XSS since it is not sanitized.

Fix it as soon as possible.
Thanks.

M.R.Vignesh Kumar(@vigneshkumarmr)

Tags: xss
M.R.Vignesh Kumar (mrkumarvignesh) wrote :
description: updated
Melissa Draper (melissa)
Changed in mahara:
milestone: none → 1.5.8
Melissa Draper (melissa)
Changed in mahara:
status: New → Fix Released
importance: Undecided → High
assignee: nobody → Aaron Wells (u-aaronw)
information type: Private Security → Public Security
Melissa Draper (melissa)
no longer affects: mahara/1.7
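
Added example (not part of the original report and not Mahara's own code): the class of fix for a stored title that is echoed unsanitized into a list page is to encode it at output time. The function names and row markup below are hypothetical; the sample rows are constructed from the two titles quoted in the report, plus a benign control.

```php
<?php
// Added example; not Mahara code. Function names and row layout are hypothetical.

// Encode for HTML element content and quoted attribute values alike.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": the stored title is concatenated into the markup unchanged.
function render_note_row_unsafe(array $note): string
{
    return '<tr><td><a href="editnote.php?id=' . $note['id'] . '" title="'
        . $note['title'] . '">' . $note['title'] . '</a></td></tr>';
}

// "After": id forced to an integer, title encoded at output time.
function render_note_row(array $note): string
{
    $title = esc($note['title']);
    return '<tr><td><a href="editnote.php?id=' . (int) $note['id'] . '" title="'
        . $title . '">' . $title . '</a></td></tr>';
}

// The template itself contributes exactly 6 '<' and 4 '"' per row; any
// extra means text from the title is being parsed as markup.
function row_is_inert(string $html): bool
{
    return substr_count($html, '<') === 6 && substr_count($html, '"') === 4;
}

// Constructed rows using the two note titles quoted in the report,
// plus an ordinary title as a control.
$notes = [
    ['id' => 1, 'title' => '"><img src=x onerror=prompt(1);>'],
    ['id' => 2, 'title' => '<script>alert(/xss/);</script>'],
    ['id' => 3, 'title' => 'Reading list & ideas'],
];

foreach ($notes as $note) {
    printf(
        "id=%d unsafe_inert=%s escaped_inert=%s\n%s\n",
        $note['id'],
        var_export(row_is_inert(render_note_row_unsafe($note)), true),
        var_export(row_is_inert(render_note_row($note)), true),
        render_note_row($note)
    );
}
```

The delimiter count in row_is_inert works as a regression check only because this row template is fixed; it is a test aid, not a sanitizer.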