Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-58409

Self-XSS in autocomplete element (for example "Tags")

    XMLWordPrintable

    Details

      Description

      I am reporting a XSS security issues in accordance with Bug in Tag feature.

      Tag feature in any pages has XSS vulnerability.

      Here are steps for how to reproduce below.

      (1) Create a new quiz instance, open edit from.

      (2) Enter <script> tag e.g(<script>alert("XSS!");</script>)

      (3) !?

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              davidmatamoros David Matamoros
              Reporter:
              yue Takayuki Fuwa
              Peer reviewer:
              Jake Dallimore
              Integrator:
              Eloy Lafuente (stronk7)
              Tester:
              Anna Carissa Sadia
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan, Andrew Nicols, Dongsheng Cai, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Sara Arjona (@sarjona)
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                10/Sep/18

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 30 minutes
                  30m