
mahara-contributors team mailing list archive

[Bug 1061980] Re: XSS using user uploaded SVG files

 

Where can I find the patches? We are looking at getting this fixed on the
individual files instead of doing a whole system upgrade.

Thanks.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1061980

Title:
  XSS using user uploaded SVG files

Status in Mahara ePortfolio:
  In Progress
Status in Mahara 1.4 series:
  Fix Released
Status in Mahara 1.5 series:
  Fix Released

Bug description:
  I have come across a serious security issue on Mahara version 1.5 which can
  allow an attacker to store malicious script on the latest version of Mahara.

  Testing Environment:
  Operating System: Windows 7 (32-bit)
  Web Server: WAMP v2.2
  Browser: Mozilla Firefox v15.0.1

  Vulnerable Path URL Location: http://localhost/mahara/artefact/file/

  Description: I uploaded an SVG file with a malicious payload. Since there
  was no validation of the malicious content, I was able to upload a
  file with malicious script.

  Kindly find the screenshots as an attachment along with this mail.

  I request you to kindly implement proper sanitization for handling file
  contents.

  Thank You.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1061980/+subscriptions
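The report above asks for validation of uploaded SVG content. An SVG is an XML document that a browser renders inline, so it can carry script through several routes: a `<script>` element, `on*` event-handler attributes on any element, `javascript:` URLs in `href`/`xlink:href` (or set via `<set>`/`<animate>`), non-raster `data:` URLs, and `<foreignObject>`, which embeds arbitrary HTML. The following is an added illustration of an upload-time check for those routes; it is not Mahara code (Mahara is written in PHP) and does not describe the fix that was shipped. The sample SVGs, the function names `svg_findings` and `strip_active_content`, and the message formats are all constructed for this example.

```python
"""Reject or strip active content in an uploaded SVG before it is stored.

Added illustration, not code from Mahara. It covers the routes through
which an SVG rendered inline by a browser can run script: <script>
elements, on* event-handler attributes, javascript:/vbscript: URLs,
data: URLs that are not plain raster images, and <foreignObject>.
All sample SVGs below are constructed for the example, not taken from
the bug report.
"""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
# Serialise with the conventional prefixes so stripped output stays readable.
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Elements that execute script or embed HTML when the SVG is rendered.
ACTIVE_ELEMENTS = {"script", "foreignObject"}
SCHEME_RE = re.compile(r"\s*([a-z][a-z0-9+.\-]*):", re.I)
RASTER_DATA_RE = re.compile(r"\s*data:image/(png|jpe?g|gif|webp)[;,]", re.I)


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def _unsafe_url(value: str) -> bool:
    """True for attribute values a browser would execute rather than fetch."""
    m = SCHEME_RE.match(value)
    if not m:
        return False  # relative URL, fragment, or not a URL at all
    scheme = m.group(1).lower()
    if scheme in ("javascript", "vbscript"):
        return True
    if scheme == "data":
        # Embedded raster images are legitimate; data:image/svg+xml or
        # data:text/html can carry script of their own.
        return RASTER_DATA_RE.match(value) is None
    return False


def _unsafe_attrs(el: ET.Element) -> list:
    """Attribute names on `el` that carry event handlers or executable URLs."""
    return [attr for attr, value in el.attrib.items()
            if _local(attr).lower().startswith("on") or _unsafe_url(value)]


def svg_findings(svg: bytes) -> list:
    """Reasons to reject the upload; an empty list means no active content found.

    A file that is not well-formed XML is rejected rather than guessed at.
    (For untrusted input in production, parse with defusedxml to also
    block entity-expansion attacks; stdlib ET is used so this runs alone.)
    """
    try:
        root = ET.fromstring(svg)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():
        name = _local(el.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"active element <{name}>")
        for attr in _unsafe_attrs(el):
            findings.append(f"unsafe attribute {_local(attr)} on <{name}>")
    return findings


def strip_active_content(svg: bytes) -> bytes:
    """Return the SVG with active elements and unsafe attributes removed.

    Stripping is a fallback for sites that must keep rendering user SVGs;
    rejecting the upload (svg_findings) is the safer default.
    """
    root = ET.fromstring(svg)
    for parent in list(root.iter()):  # snapshot: we mutate while walking
        for child in list(parent):
            if _local(child.tag) in ACTIVE_ELEMENTS:
                parent.remove(child)
        for attr in _unsafe_attrs(parent):
            del parent.attrib[attr]
    return ET.tostring(root, encoding="utf-8")


# Constructed samples for the example (not from the bug report).
CLEAN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
             b'<image href="data:image/png;base64,iVBORw0KGgo=" width="10" height="10"/>'
             b'<circle cx="5" cy="5" r="4" fill="red"/></svg>')
HOSTILE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
               b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">'
               b'<script>alert(document.domain)</script>'
               b'<a xlink:href="javascript:alert(2)"><text y="10">click</text></a>'
               b'<set attributeName="href" to="javascript:alert(3)"/>'
               b'<foreignObject><body xmlns="http://www.w3.org/1999/xhtml">'
               b'<img src="x" onerror="alert(4)"/></body></foreignObject></svg>')

if __name__ == "__main__":
    print(svg_findings(CLEAN_SVG))    # []
    print(svg_findings(HOSTILE_SVG))  # six findings, one per route above
    print(svg_findings(strip_active_content(HOSTILE_SVG)))  # []
```

A content check like this reduces the attack surface but is not a complete defence on its own, since new script-bearing constructs keep appearing in SVG and in browsers. For a file-upload area the more robust measure, independent of file type, is to stop user files from rendering in the site's own origin: serve them with `Content-Disposition: attachment`, from a separate cookieless domain, or with a restrictive `Content-Security-Policy` on the download response, and treat the content filter as defence in depth.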