** Tags added: regression
** Information type changed from Private Security to Public Security
** Changed in: mahara/1.10
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1377736
Title:
XSS Vulnerability adding pages into a collection
Status in Mahara ePortfolio:
Fix Committed
Status in Mahara 1.10 series:
Fix Released
Status in Mahara 1.11 series:
Fix Committed
Bug description:
Version: master (1.10)
Platform, browser: any
Steps to reproduce:
1. Create a page with the title "<script>alert(1);</script>" without the quote
2. Create a collection
3. Add the page into the collection by dragging it.
You will the the alert pop-up window.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1377736/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to : mahara-contributors@lists.launchpad.net
Unsubscribe : https://launchpad.net/~mahara-contributors
More help : https://help.launchpad.net/ListHelp
