** Tags added: regression ** Information type changed from Private Security to Public Security
** Changed in: mahara/1.10 Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1377736 Title: XSS Vulnerability adding pages into a collection Status in Mahara ePortfolio: Fix Committed Status in Mahara 1.10 series: Fix Released Status in Mahara 1.11 series: Fix Committed Bug description: Version: master (1.10) Platform, browser: any Steps to reproduce: 1. Create a page with the title "<script>alert(1);</script>" without the quote 2. Create a collection 3. Add the page into the collection by dragging it. You will the the alert pop-up window. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1377736/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp