XSS attack on edx pages in notes comment

Description

---------- Forwarded message ---------
From: Pravin Mahadik <Unknown>
Date: Monday, January 11, 2021 at 4:24:09 AM UTC-5
Subject: XSS attack on edx pages in comment
To: secu...@edx.org <Unknown>

Select the contents from the edx course, select edit (adding comment)
[image: 33333.png]
Save the comment, pop-up shows
[image: 55555.png]
on the page


Regards,
Prof. Pravin B. Mahadik,
Asst. Professor, CSE Dept, DIEMS, Aurangabad
Mob-9423730994

Steps to Reproduce

None

Current Behavior

None

Expected Behavior

None

Reason for Variance

None

Release Notes

None

User Impact Summary

None
Done

Assignee

Matthew Hughes

Reporter

Ben Holt

Reach

None

Impact

None

Platform Area

Platform & Infrastructure - Security

Customer

None

Partner Manager

None

URL

None

Contributor Name

None

Groups with Read-Only Access

None

Story Points

None

Actual Points

None

Category of Work

None

Platform Map Area (Levels 1 & 2)

None

Platform Map Area (Levels 3 & 4)

None

Priority

CAT-1