mahara-contributors team mailing list archive

Thread
Date

[Bug 1819547] Re: XSS in collection title when viewwing on matrix page

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Robert Lyon <robertl@xxxxxxxxxxxxxxx>
Date: Tue, 30 Apr 2019 07:01:33 -0000
Reply-to: Bug 1819547 <1819547@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: mahara/18.10
       Status: Fix Committed => Fix Released

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1819547

Title:
  XSS in collection title when viewwing on matrix page

Status in Mahara:
  Fix Released
Status in Mahara 17.10 series:
  Fix Released
Status in Mahara 18.04 series:
  Fix Released
Status in Mahara 18.10 series:
  Fix Released
Status in Mahara 19.04 series:
  Fix Released

Bug description:
  This is an oversight in the collection nav system when we added smart
  evidence and have collection nav display on the matrix page. The
  collection name is not being escaped.

  To test:
  1) Have smart evidence turned on for an institution
  2) Create a collection and give it a title/name like: <script>alert(document.cookie);</script>
  3) Add pages to the collection
  4) Make sure to assign a SmartEvidence option to the collection
  5) Visit the collection matrix page - you should get an alert pop-up displaying

  We just need to escape the collection title before passing it to the
  collectionnav.tpl

  Thanks to Kirtikumar Anandrao Ramchandani for reporting it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1819547/+subscriptions