mahara-contributors team mailing list archive

Thread
Date

[Bug 1063480] Re: Reflected XSS in user/group bulk CSV upload

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Melissa Draper <melissa@xxxxxxxxxxxxx>
Date: Wed, 10 Oct 2012 03:10:06 -0000
Reply-to: Bug 1063480 <1063480@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: mahara/1.5
    Milestone: None => 1.6.0

** Changed in: mahara/1.5
    Milestone: 1.6.0 => 1.5.4

** Visibility changed to: Public

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1063480

Title:
  Reflected XSS in user/group bulk CSV upload

Status in Mahara ePortfolio:
  In Progress
Status in Mahara 1.4 series:
  In Progress
Status in Mahara 1.5 series:
  In Progress

Bug description:
  Affects the bulk user upload, as well as the group and group member
  CSV uploads.

  If the CSV header has unknown fields, these are displayed as an error with no sanatization. This is done through pieforms error
  displaying. This means it may affect other areas where pieform errors are returned based on user data.

  It affects versions atleast back to 1.2 with the bulk user upload.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1063480/+subscriptions