Security issue relating to cross-site scripting <15.04.14; <16.04.8; <16.10.5; <17.04.3

11 September 2017, 12:02

Mahara 15.04 before 15.04.14, 16.04 before 16.04.8, 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting a potentially dangerous payload, e.g., XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the user and administrator and, if accepted, become part of the new user's account.

Category: Cross Site Scripting (XSS)
Severity: High
Versions affected: Mahara <15.04.14; <16.04.8; <16.10.5; <17.04.3
Reported by: Mushraf Mustafa
Bug report:
CVE reference: CVE-2017-9551

We recommend you update your site to the latest minor point release for your version of Mahara.
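
The flow described above (a registration name is stored, emailed to the user and administrator, then copied into the account) calls for validation before storage and encoding at every HTML sink. The following PHP is an added example, not Mahara's code or its actual fix; the function names, the `firstname`/`lastname` array keys and the allowed-character policy are assumptions.

```php
<?php
// Added example, not Mahara code. Function names and the record layout are hypothetical.

/** Reject name values that carry markup or control characters before they are stored. */
function validate_name(string $name): string {
    $name = trim($name);
    // Assumed policy: 1-100 letters, combining marks, spaces, periods, apostrophes, hyphens.
    if (!preg_match('/^[\p{L}\p{M} .\'\-]{1,100}$/u', $name)) {
        throw new InvalidArgumentException('Name is empty, too long or has disallowed characters');
    }
    return $name;
}

/** Encode a stored value for an HTML context (HTML email body or a profile page). */
function html_out(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the HTML notification sent to the administrator for a pending registration. */
function admin_notification(array $registration): string {
    return '<p>New registration request from '
        . html_out($registration['firstname']) . ' '
        . html_out($registration['lastname']) . '</p>';
}

// Constructed sample input: a legitimate name and one carrying markup.
$samples = ["Anne-Marie O'Neil", '<script>alert(1)</script>'];
foreach ($samples as $first) {
    try {
        $stored = ['firstname' => validate_name($first), 'lastname' => 'Example'];
        echo admin_notification($stored), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', html_out($first), PHP_EOL;
    }
}

// Rows saved before an upgrade never passed validate_name(); encoding at the
// sink still renders them as inert text rather than markup.
$legacy = ['firstname' => '<script>alert(1)</script>', 'lastname' => 'Example'];
echo admin_notification($legacy), PHP_EOL;
```

Validation alone does not cover pending registrations already stored before the update, which is why the encoding step is applied wherever the value is written into HTML.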

