** CVE added: https://cve.mitre.org/cgi- bin/cvename.cgi?name=2017-1000138
-- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1377736 Title: XSS Vulnerability adding pages into a collection Status in Mahara: Fix Released Status in Mahara 1.10 series: Fix Released Status in Mahara 15.04 series: Fix Released Bug description: Version: master (1.10) Platform, browser: any Steps to reproduce: 1. Create a page with the title "<script>alert(1);</script>" without the quote 2. Create a collection 3. Add the page into the collection by dragging it. You will the the alert pop-up window. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1377736/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
