Activity log for bug #1472439
| Date | Who | What changed | Old value | New value | Message |
|---|---|---|---|---|---|
| 2015-07-08 00:13:22 | Aaron Wells | bug | added bug | ||
| 2015-07-08 00:13:29 | Aaron Wells | information type | Public | Private Security | |
| 2015-07-08 00:13:37 | Aaron Wells | mahara: status | New | In Progress | |
| 2015-07-08 00:13:48 | Aaron Wells | nominated for series | mahara/15.04 | ||
| 2015-07-08 00:13:48 | Aaron Wells | bug task added | mahara/15.04 | ||
| 2015-07-08 00:13:48 | Aaron Wells | nominated for series | mahara/15.10 | ||
| 2015-07-08 00:13:48 | Aaron Wells | bug task added | mahara/15.10 | ||
| 2015-07-08 00:13:48 | Aaron Wells | nominated for series | mahara/1.8 | ||
| 2015-07-08 00:13:48 | Aaron Wells | bug task added | mahara/1.8 | ||
| 2015-07-08 00:13:48 | Aaron Wells | nominated for series | mahara/1.9 | ||
| 2015-07-08 00:13:48 | Aaron Wells | bug task added | mahara/1.9 | ||
| 2015-07-08 00:13:55 | Aaron Wells | nominated for series | mahara/1.10 | ||
| 2015-07-08 00:13:55 | Aaron Wells | bug task added | mahara/1.10 | ||
| 2015-07-08 00:14:01 | Aaron Wells | mahara/1.8: status | New | Won't Fix | |
| 2015-07-08 00:14:05 | Aaron Wells | mahara/1.10: status | New | Confirmed | |
| 2015-07-08 00:14:07 | Aaron Wells | mahara/1.9: status | New | Confirmed | |
| 2015-07-08 00:14:09 | Aaron Wells | mahara/15.04: status | New | Confirmed | |
| 2015-07-08 00:14:15 | Aaron Wells | mahara/1.10: importance | Undecided | Critical | |
| 2015-07-08 00:14:16 | Aaron Wells | mahara/1.8: importance | Undecided | Critical | |
| 2015-07-08 00:14:18 | Aaron Wells | mahara/1.9: importance | Undecided | Critical | |
| 2015-07-08 00:14:19 | Aaron Wells | mahara/15.04: importance | Undecided | Critical | |
| 2015-07-08 00:14:21 | Aaron Wells | mahara/15.10: importance | Undecided | Critical | |
| 2015-07-08 00:14:24 | Aaron Wells | mahara/1.10: assignee | Aaron Wells (u-aaronw) | ||
| 2015-07-08 00:14:26 | Aaron Wells | mahara/1.8: assignee | Aaron Wells (u-aaronw) | ||
| 2015-07-08 00:14:28 | Aaron Wells | mahara/1.9: assignee | Aaron Wells (u-aaronw) | ||
| 2015-07-08 00:14:29 | Aaron Wells | mahara/15.04: assignee | Aaron Wells (u-aaronw) | ||
| 2015-07-08 00:14:31 | Aaron Wells | mahara/15.10: assignee | Aaron Wells (u-aaronw) | ||
| 2015-07-08 00:14:34 | Aaron Wells | mahara/15.10: milestone | 15.10.0 | ||
| 2015-07-08 00:14:36 | Aaron Wells | mahara/15.04: milestone | 15.04.2 | ||
| 2015-07-08 00:14:38 | Aaron Wells | mahara/1.9: milestone | 1.9.7 | ||
| 2015-07-08 00:14:40 | Aaron Wells | mahara/1.10: milestone | 1.10.5 | ||
| 2015-07-08 00:14:53 | Aaron Wells | tags | regression watchlist | ||
| 2015-07-08 00:51:22 | Aaron Wells | mahara/1.9: status | Confirmed | Fix Committed | |
| 2015-07-08 01:03:45 | Aaron Wells | mahara/1.10: status | Confirmed | Fix Committed | |
| 2015-07-08 01:04:10 | Aaron Wells | mahara/15.04: status | Confirmed | In Progress | |
| 2015-07-09 00:17:51 | Aaron Wells | bug | added subscriber yujitounai | ||
| 2015-07-09 00:21:04 | Aaron Wells | mahara/15.04: status | In Progress | Fix Committed | |
| 2015-07-09 00:21:17 | Aaron Wells | mahara/15.10: status | In Progress | Fix Committed | |
| 2015-07-09 23:14:29 | Aaron Wells | mahara/1.10: importance | Critical | High | |
| 2015-07-09 23:14:31 | Aaron Wells | mahara/1.8: importance | Critical | High | |
| 2015-07-09 23:14:32 | Aaron Wells | mahara/1.9: importance | Critical | High | |
| 2015-07-09 23:14:34 | Aaron Wells | mahara/15.04: importance | Critical | High | |
| 2015-07-09 23:14:35 | Aaron Wells | mahara/15.10: importance | Critical | High | |
| 2015-07-10 01:02:38 | Aaron Wells | information type | Private Security | Public Security | |
| 2015-07-10 02:22:47 | Robert Lyon | mahara/1.9: status | Fix Committed | Fix Released | |
| 2015-07-10 02:22:51 | Robert Lyon | mahara/1.10: status | Fix Committed | Fix Released | |
| 2015-07-10 02:36:09 | Robert Lyon | mahara/15.04: status | Fix Committed | Fix Released | |
| 2015-07-10 06:18:37 | Aaron Wells | description | On artefact detail screens, when we you click on the "add to watchlist" link, we use AJAX to update the link to read "remove from watchlist". But, we are not properly escaping the page title in that AJAX, which makes it possible to execute Javascript that has been placed in the page title. To replicate: 1. Create a portfolio Page 2. Give the page this title: "><img src=0 onerror=alert(location)> 3. Put an image block in the page. 4. View the page in display mode. 5. Click on the link to view the artefact detail screen for the image 6. At the bottom of the artefact detail screen, click on the link that reads "Add page ""><img src=0 onerror=alert(location)>" to watchlist" or "Remove page ""><img src=0 onerror=alert(location)>" to watchlist" Expected result: The page should be added or removed from your watchlist, and the link title should show the HTML-escaped version of the page title. Actual result: The page is added or removed from your watchlist, but the link title is not HTML-escaped and Javascript "alert(location)" executes. | Issue reported by Yuji Tounai through security@mahara.org On artefact detail screens, when we you click on the "add to watchlist" link, we use AJAX to update the link to read "remove from watchlist". But, we are not properly escaping the page title in that AJAX, which makes it possible to execute Javascript that has been placed in the page title. To replicate: 1. Create a portfolio Page 2. Give the page this title: "><img src=0 onerror=alert(location)> 3. Put an image block in the page. 4. View the page in display mode. 5. Click on the link to view the artefact detail screen for the image 6. At the bottom of the artefact detail screen, click on the link that reads "Add page ""><img src=0 onerror=alert(location)>" to watchlist" or "Remove page ""><img src=0 onerror=alert(location)>" to watchlist" Expected result: The page should be added or removed from your watchlist, and the link title should show the HTML-escaped version of the page title. Actual result: The page is added or removed from your watchlist, but the link title is not HTML-escaped and Javascript "alert(location)" executes. | |
| 2015-10-23 03:27:47 | Aaron Wells | mahara/15.10: status | Fix Committed | Fix Released | |
| 2017-11-07 03:37:44 | Kristina Hoeppner | cve linked | 2017-1000146 |
