Severity: High
Vulnerability type: Cross Site Scripting (XSS)
In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before
20.04.1, certain places could execute file or folder names containing
JavaScript.
Reported by: Adesh Nandkishor Kolte
Bug report: https://bugs.launchpad.net/mahara/+bug/1888163
CVE reference: CVE-2020-15907