Forums | Mahara Community

Security Announcements /
Security issue relating to Stored XSS <1.9.6, <1.10.4, <15.04.1


Aaron Wells's profile picture
Posts: 896

29 May 2015, 15:08

A site admin or institution admin can place HTML and Javascript into an institution display name, which will be displayed to other users unescaped  on some Mahara system pages.

Category: XSS
Severity: High
Versions affected: <1.9.6, <1.10.4, <15.04.1
Reported by: Hugh Davenport
Bug reports: https://bugs.launchpad.net/mahara/+bug/1447377
CVE reference: 2017-1000144

Edits to this post:

1 result