The information in this wiki hasn't been maintained for a good while. Some of the projects described have since been deprecated.

In particular, the "Ushahidi Platform v3.x" section contains information that is often misleading. Many details about this version of Platform have changed since.

This website is an extraction of the original Ushahidi wiki into a static form. Because of that, functions like logging in, commenting or searching will not work.

For more documentation, please refer to

Submitted: 1 May 2013
Advisory ID: CVE-2013-2025
Risk: Highly Critical
Version: 2.5.X, 2.6.1


We discovered an exploitable XSS issue logged against 2.6.1:


As always, we highly recommend an update to our latest version of the software, which covers these issues.

  1. Download and unzip (patch file), attached to this alert
  2. Upload and replace your current files in the folders that correspond to those in the patch
  3. Update your config.php with new config settings:

If you have a custom theme, update your theme to use new helper functions:

  - html::escape($input) - Escape HTML entities. Use this to replace calls to htmlentities().
  - html::strip_tags($input, $escape = TRUE) - Strip all tags. Optionally escapes HTML entities too. Replace any use of strip_tags() with this function.
  - html::clean($input) - Limit HTML tags to only whitelisted elements. Use this on any user-submitted data, i.e. report description, title, etc.
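
To find the places in a custom theme that still need this change, the following added example (not Ushahidi's code) flags bare htmlentities() and strip_tags() calls in PHP source and names the helper to use instead. The function names, the sample view and its variable names are constructed for illustration.

```python
import re
from pathlib import Path

# Raw PHP call -> helper the advisory says to use instead.
REPLACEMENTS = {
    "htmlentities": "html::escape()",
    "strip_tags": "html::strip_tags()",
}

# Match a bare call only: the lookbehind rejects html::strip_tags(),
# $obj->strip_tags(), $strip_tags() and names such as my_strip_tags().
# PHP function names are case-insensitive, hence IGNORECASE.
RAW_CALL = re.compile(r"(?<![\w:>$])(htmlentities|strip_tags)\s*\(", re.IGNORECASE)


def scan_source(text):
    """Return (line_number, raw_function, suggested_helper) for each raw call."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in RAW_CALL.finditer(line):
            name = match.group(1).lower()
            findings.append((lineno, name, REPLACEMENTS[name]))
    return findings


def scan_theme(theme_dir):
    """Scan every .php file under theme_dir; returns {path: findings}."""
    report = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        findings = scan_source(path.read_text(encoding="utf-8", errors="replace"))
        if findings:
            report[str(path)] = findings
    return report


# Constructed sample view, not taken from any real Ushahidi theme.
SAMPLE_VIEW = """\
<h1><?php echo htmlentities($incident_title); ?></h1>
<p><?php echo html::strip_tags($incident_description); ?></p>
<span><?php echo strip_tags($location_name); ?></span>
<em><?php echo html::escape($category_title); ?></em>
"""

if __name__ == "__main__":
    for lineno, raw, helper in scan_source(SAMPLE_VIEW):
        print(f"line {lineno}: {raw}() -> use {helper}")
```

The scan only finds the two raw calls the advisory names; output that is echoed with no escaping at all still has to be reviewed by hand.
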
You can see all the changes made to the default theme here:

Download (ZIP; click to download) md5