Forums | Mahara Community

Security Announcements /
Security issue relating to cross-site scripting <15.04.14; <16.04.8; <16.10.5; <17.04.3


Kristina Hoeppner's profile picture
Posts: 3366

11 September 2017, 12:02 PM

Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their name in the usr_registration table. The values are thenĀ  emailed to the user and administrator and if accepted become part of the new user's account.

Category: Cross Site Scripting (XSS)
Severity: High
Versions affected: Mahara <15.04.14; <16.04.8; <16.10.5; <17.04.3
Reported by: Mushraf Mustafa
Bug report: https://bugs.launchpad.net/mahara/+bug/1697308
CVE reference: CVE-2017-9551

We recommend you update your site to the latest minor point release for your version of Mahara.

1 result