
mahara-contributors team mailing list archive

[Bug 798136] Re: XSS in URI attributes in the externalfeed block

 

** Changed in: mahara/1.3
       Status: In Progress => Fix Released

** Visibility changed to: Public

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/798136

Title:
  XSS in URI attributes in the externalfeed block

Status in Mahara ePortfolio:
  Fix Released
Status in Mahara 1.3 series:
  Fix Released

Bug description:
  I have the following "Item" snippet in an RSS feed:

      <item>
          <title>PS3 and Lara Croft</title>
          <pubDate>Wed, 29 Sep 2010 18:44:15 +0300</pubDate>
          <description>Description</description>
          <link>javascript:alert(1)</link>
          <guid>javascript:alert(1)</guid>
          <comments>http://www.example.net/7606/#comments</comments>
      </item>

  When the link is created for the RSS item, the guid with the javascript:
  protocol is left as is. So an attacker can create a group, link their own
  carefully crafted RSS feed, load it onto a group page, and when a user
  clicks a news item from it, the XSS is executed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/798136/+subscriptions
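As an added illustration (not Mahara's code and not the actual fix for this bug), the following Python checks an item's link and guid values against a scheme allowlist before they are used as an href, using a constructed item modelled on the one in the report; the fallback order (link, then guid) and the "no href when nothing is safe" behaviour are assumptions.

```python
import html
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample item, modelled on the one in the bug report.
SAMPLE_ITEM = """<item>
    <title>PS3 and Lara Croft</title>
    <pubDate>Wed, 29 Sep 2010 18:44:15 +0300</pubDate>
    <description>Description</description>
    <link>javascript:alert(1)</link>
    <guid>javascript:alert(1)</guid>
    <comments>http://www.example.net/7606/#comments</comments>
</item>"""

# Allowlist, not a denylist: javascript:, data:, vbscript: etc. all fail this.
ALLOWED_SCHEMES = {"http", "https"}
# Browsers ignore tab/CR/LF inside URLs, so strip them before looking at the
# scheme; otherwise "java\tscript:" parses as scheme-less and could slip by.
_STRIP = re.compile(r"[\t\r\n]")

def safe_feed_url(value):
    """Return the URL if it is an absolute http(s) URL, otherwise None."""
    if value is None:
        return None
    cleaned = _STRIP.sub("", value).strip()
    parts = urlsplit(cleaned)          # urlsplit lower-cases the scheme
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return cleaned

def item_link(item):
    """Use <link>, falling back to <guid>, but only if it passes the allowlist."""
    for tag in ("link", "guid"):
        url = safe_feed_url(item.findtext(tag))
        if url:
            return url
    return None

def render_item(item_xml):
    """Render the item title; it only becomes an anchor when the URL is safe."""
    item = ET.fromstring(item_xml)
    title = html.escape(item.findtext("title") or "", quote=True)
    url = item_link(item)
    if url is None:
        return "<span>%s</span>" % title
    # The allowlist checks the scheme; escaping keeps the URL from breaking
    # out of the href attribute.
    return '<a href="%s">%s</a>' % (html.escape(url, quote=True), title)
```

With the sample item both candidate URLs are rejected, so the title is rendered without a link; the same item with an https link renders as a normal anchor.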