mahara-contributors team mailing list archive

Thread
Date

[Bug 1091764] Re: Cross site Scripting(XSS) Vulnerability in Mahara 1.6

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Melissa Draper <melissa@xxxxxxxxxxxxx>
Date: Tue, 19 Feb 2013 04:17:36 -0000
Reply-to: Bug 1091764 <1091764@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: mahara/1.7
     Assignee: (unassigned) => Aaron Wells (u-aaronw)

** Changed in: mahara/1.7
       Status: New => Fix Committed

** Changed in: mahara/1.7
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1091764

Title:
  Cross site Scripting(XSS) Vulnerability in Mahara 1.6

Status in Mahara ePortfolio:
  Fix Released
Status in Mahara 1.6 series:
  Fix Released
Status in Mahara 1.7 series:
  Fix Committed

Bug description:
  Hi  Mahara Security Team,

  I have found a Persistent/Stored Cross site scripting (XSS)
  vulnerability in Mahara version 1.6.

  What is Cross site scripting(XSS): http://en.wikipedia.org/wiki/Cross-
  site_scripting

  The vulnerability exists in the following link:
  http://demo.mahara.org/artefact/internal/notes.php

  For example, in a note such as
  http://demo.mahara.org/artefact/internal/editnote.php?id=1XX , the
  "Note Title" is thrown with a xss vector such as "><img src=x
  onerror=prompt(1);> or <script>alert(/xss/);</script>.

  When the notes page(http://demo.mahara.org/artefact/internal/notes.php
  ) is loaded, the payload on the title triggers the xss since it is not
  sanitized.

  Fix it as soon as possible.
  Thanks.

  M.R.Vignesh Kumar(@vigneshkumarmr)

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1091764/+subscriptions