Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-58409

Self-XSS in autocomplete element (for example "Tags")

    XMLWordPrintable

    Details

      Description

      I am reporting a XSS security issues in accordance with Bug in Tag feature.

      Tag feature in any pages has XSS vulnerability.

      Here are steps for how to reproduce below.

      (1) Create a new quiz instance, open edit from.

      (2) Enter <script> tag e.g(<script>alert("XSS!");</script>)

      (3) !?

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              davidmatamoros David Matamoros
              Reporter:
              yue Takayuki Fuwa
              Peer reviewer:
              Jake Dallimore
              Integrator:
              Eloy Lafuente (stronk7)
              Tester:
              Anna Carissa Sadia
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                10/Sep/18

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 30 minutes
                  30m