[Building Sakai] XSS critical vulnerability
Jayanna, Sid Mr.
jayannsd at muohio.edu
Mon Aug 9 11:07:05 PDT 2010
We are in the process of planning to deploy Sakai but still testing and doing configuration in our dev systems.
We are running Sakai 2.7.0 release version and when our security team did a vulnerability scan, the following came up:
If I paste this into the browser, for example:
https://our_sakai.abc.edu/portal/tool/!gateway-410?panel=Main%22%3e%3csCrIpT%3ealert(26567)%3c%2fsCrIpT%3e
JavaScript is being executed.
I wanted to check whether this is taken care of in the nightly builds, or whether there is a patch for this, since this looks like classic XSS scripting, or whether I am doing something wrong.
Thanks,
Sid
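
The following Java sketch is an added example, not part of the original message and not Sakai code. It assumes the `panel` value is reflected into a double-quoted HTML attribute (the `%22%3e` in the URL suggests this) and uses hypothetical names (`PanelParamDemo`, `KNOWN_PANELS`, the render methods); it shows why case-sensitive tag stripping misses the scanner's string and how attribute encoding plus an allow-list check handles it.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Set;

public class PanelParamDemo {
    // Assumed allow-list of panel names; only "Main" appears in the post.
    private static final Set<String> KNOWN_PANELS = Set.of("Main");

    // Vulnerable pattern: request value concatenated into a quoted attribute.
    static String renderUnsafe(String panel) {
        return "<input type=\"hidden\" name=\"panel\" value=\"" + panel + "\">";
    }

    // Case-sensitive tag stripping: the mixed-case tag in the URL passes through.
    static String naiveFilter(String s) {
        return s.replace("<script>", "").replace("</script>", "");
    }

    // Encode every character that can end the attribute or open a tag.
    static String escapeHtmlAttr(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    static String renderEncoded(String panel) {
        return "<input type=\"hidden\" name=\"panel\" value=\"" + escapeHtmlAttr(panel) + "\">";
    }

    public static void main(String[] args) {
        // Query value copied from the URL in the message above.
        String raw = "Main%22%3e%3csCrIpT%3ealert(26567)%3c%2fsCrIpT%3e";
        String panel = URLDecoder.decode(raw, StandardCharsets.UTF_8);
        System.out.println("decoded      : " + panel);
        System.out.println("unsafe       : " + renderUnsafe(panel));
        System.out.println("naive filter : " + renderUnsafe(naiveFilter(panel)));
        System.out.println("encoded      : " + renderEncoded(panel));
        System.out.println("allow-listed : " + KNOWN_PANELS.contains(panel));
    }
}
```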