Potential attack vector via registration form
Bug #1697308 reported by
Robert Lyon
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Mahara |
Fix Released
|
High
|
Robert Lyon | ||
| 15.04 |
Fix Released
|
High
|
Unassigned | ||
| 16.04 |
Fix Released
|
High
|
Unassigned | ||
| 16.10 |
Fix Released
|
High
|
Unassigned | ||
| 17.04 |
Fix Released
|
High
|
Unassigned | ||
| 17.10 |
Fix Released
|
High
|
Robert Lyon | ||
Bug Description
As reported by Mushraf Mustafa
By using something like
Lastname: <img src='nothing' onerror=
A user can submit potential dangerous payload to be saved as their name in the usr_registration table.
The values are then also emailed out to the the user and admin.
And if accepted become part of the new user's account.
We should clean up the submitted values from the form and remove any HTML tags and Javascript code as that is not valid input.
CVE References
Revision history for this message
| Kristina Hoeppner (kris-hoeppner) wrote | #1 |
Revision history for this message
| Robert Lyon (robertl-9) wrote | #2 |
Revision history for this message
| Mahara Bot (dev-mahara) wrote A change has been merged | #3 |
| information type: | Private Security → Public Security |
To post a comment you must log in.
CVE-2017-9551 was assigned (not yet available to be pulled via Launchpad though)