Reflected XSS in user/group bulk CSV upload
Bug #1063480 reported by Hugh Davenport
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mahara | Fix Released | High | Hugh Davenport |
1.4 | Fix Released | High | Hugh Davenport |
1.5 | Fix Released | High | Hugh Davenport |
Bug Description
Affects the bulk user upload, as well as the group and group member CSV uploads.
If the CSV header has unknown fields, these are displayed as an error with no sanitization. This is done through pieforms error displaying. This means it may affect other areas where pieform errors are returned based on user data.
It affects versions at least back to 1.2 with the bulk user upload.
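The failure mode described in the report, as an added example that is not Mahara or pieforms code: an error message built from unknown CSV header fields, first without escaping and then with each field name HTML-escaped on output. The function names, the allowed-field list and the sample header are assumptions made for illustration.

```php
<?php
// Added illustration; not Mahara or pieforms code. All names are hypothetical.

const ALLOWED_FIELDS = ['username', 'email', 'firstname', 'lastname', 'password'];

/** Return the header fields that are not in the allowed list. */
function unknown_header_fields(string $headerLine): array {
    $fields = array_map(
        fn($f): string => trim((string) $f),
        str_getcsv($headerLine, ',', '"', '\\')
    );
    return array_values(array_diff($fields, ALLOWED_FIELDS));
}

/** Before: uploader-controlled field names go straight into the error HTML. */
function header_error_unescaped(string $headerLine): ?string {
    $unknown = unknown_header_fields($headerLine);
    if (!$unknown) {
        return null; // header is valid, nothing to report
    }
    return '<div class="errmsg">Unknown fields in CSV header: '
        . implode(', ', $unknown) . '</div>';
}

/** After: every field name is HTML-escaped at the point of output. */
function header_error_escaped(string $headerLine): ?string {
    $unknown = unknown_header_fields($headerLine);
    if (!$unknown) {
        return null;
    }
    $safe = array_map(
        fn(string $f): string => htmlspecialchars($f, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        $unknown
    );
    return '<div class="errmsg">Unknown fields in CSV header: '
        . implode(', ', $safe) . '</div>';
}

// Constructed sample header: one field name carries harmless markup.
$header = 'username,email,<em>nickname</em>,firstname';

// The first message lets the browser interpret the field name as markup;
// the second shows the same field name as literal text.
echo header_error_unescaped($header), "\n";
echo header_error_escaped($header), "\n";
```

Escaping inside the function that renders the error, rather than at each call site, covers every form that reports user-supplied data through the same path.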
visibility: private → public
Changed in mahara:
status: In Progress → Fix Released
status fixreleased