Security: Patch for logout page XSS vulnerability

Hello all,

We just released a change (patches are attached to this post) for a security vulnerability in edx-platform with the logout page (Thanks to Oivan Cybersecurity for reporting this vulnerability). See the attachments below for a patch for the current release and for Maple.

Without this patch, it is possible to pass malicious code in the next or redirect_url query params, which could be used for stealing users' cookies, changing the page contents, redirecting to malicious websites, etc. Our fix changes the rendering of the next URL on the logout page in a way that the next URL is treated as text instead of HTML.

Affected URL:

https://your-domain.com/logout?next="onmouseover="alert(document.cookie)

The fix is already public on the openedx edx-platform and maple master branch. If you are using master or maple, please update or apply the patch as soon as possible.
logout_xss.patch.gz (499 Bytes)

Thanks,
Waheed

P.S. Patch is attached in gzip form to prevent Google Groups from modifying the patch’s line endings.

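As an added illustration (not code from this post or from edx-platform), the attribute-breakout pattern the post describes beside the "treat next as text" rendering the fix adopts, checked against the post's own example value; the template strings and function names are hypothetical:

```python
import html
from html.parser import HTMLParser

# Constructed from the advisory's example URL:
#   /logout?next="onmouseover="alert(document.cookie)
NEXT_FROM_ADVISORY = '"onmouseover="alert(document.cookie)'


def render_next_link_unsafe(next_url: str) -> str:
    """Hypothetical pre-patch pattern: the query value is interpolated into the
    markup as HTML. A double quote inside it closes the href attribute, and
    whatever follows is parsed as further attributes of the <a> element."""
    return f'<a href="{next_url}">Continue</a>'


def render_next_link_safe(next_url: str) -> str:
    """The behaviour the patch describes: next is treated as text. Escaping
    turns ", ', <, > and & into character references, so the browser sees one
    attribute value and never a new attribute or tag."""
    return f'<a href="{html.escape(next_url, quote=True)}">Continue</a>'


class _AnchorAttributes(HTMLParser):
    """Collects the attributes the first <a> start tag actually carries."""

    def __init__(self) -> None:
        super().__init__()
        self.attrs: dict = {}
        self._seen = False

    def handle_starttag(self, tag, attrs):
        if tag == "a" and not self._seen:
            self._seen = True
            self.attrs = dict(attrs)


def anchor_attributes(markup: str) -> dict:
    """Parse the rendered markup the way a tolerant HTML parser would and
    return the attributes the anchor ends up with. The parser unescapes
    attribute values, so a safely rendered link gives the original next
    value back as plain data under href, with no extra attributes."""
    parser = _AnchorAttributes()
    parser.feed(markup)
    parser.close()
    return parser.attrs


if __name__ == "__main__":
    print(anchor_attributes(render_next_link_unsafe(NEXT_FROM_ADVISORY)))
    print(anchor_attributes(render_next_link_safe(NEXT_FROM_ADVISORY)))
```

Escaping stops the value from becoming markup; whether next is an acceptable redirect target at all is a separate check (Django's url_has_allowed_host_and_scheme, for instance).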

For reference, this one is tracked by CVE-2022-32195.