XSS Vulnerability adding pages into a collection
Bug #1377736 reported by
Son Nguyen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Son Nguyen | ||
1.10 |
Fix Released
|
High
|
Son Nguyen | ||
15.04 |
Fix Released
|
High
|
Unassigned |
Bug Description
Version: master (1.10)
Platform, browser: any
Steps to reproduce:
1. Create a page with the title "<script>
2. Create a collection
3. Add the page into the collection by dragging it.
You will the the alert pop-up window.
CVE References
Changed in mahara: | |
milestone: | none → 1.10.0 |
status: | New → Fix Committed |
Changed in mahara: | |
assignee: | nobody → Son Nguyen (ngson2000) |
Changed in mahara: | |
importance: | Undecided → High |
tags: | added: regression |
information type: | Private Security → Public Security |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
This issue also happens when drag/drop a page into an empty collection