Forums | Mahara Community

Security Announcements /
Security issue relating to XSS <1.10.0, <15.04.0


Robert Lyon's profile picture
Posts: 776

17 April 2015, 14:45

Possible cross site scripting when dragging/dropping files into a collection if the file have javascript code in it's title.

Category: XSS
Severity: High
Versions affected: <1.10.0, <15.04.0
Reported by: Son Nguyen
Bug reports: https://bugs.launchpad.net/mahara/+bug/1377736
CVE reference: 2017-1000138

Edits to this post:

1 result