Forums | Mahara Community
Security issue relating to cross-site scripting <15.04.14; <16.04.8; <16.10.5; <17.04.3
11 September 2017, 12:02 PM
Mahara 15.04 before 15.04.14, 16.04 before 16.04.8, 16.10 before 16.10.5, and 17.04 before 17.04.3 are vulnerable to a user submitting a potentially dangerous payload, e.g., XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the user and administrator and, if accepted, become part of the new user's account.
Category: Cross Site Scripting (XSS)
Versions affected: Mahara <15.04.14; <16.04.8; <16.10.5; <17.04.3
Reported by: Mushraf Mustafa
Bug report: https://bugs.launchpad.net/mahara/+bug/1697308
CVE reference: CVE-2017-9551
We recommend you update your site to the latest minor point release for your version of Mahara.
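As a complement to upgrading, the following added example (not Mahara's code and not part of the original advisory) shows how an administrator could review pending registration rows for markup in name fields, and how a notification body stays inert when every value is escaped at output. The column names `firstname` and `lastname` and the sample rows are assumptions constructed for illustration.

```python
import html
import re
import unicodedata

# Assumed column names; the advisory only says the payload is saved as "their name".
NAME_FIELDS = ("firstname", "lastname")

# Angle brackets are what turn a stored name into markup once it is rendered.
MARKUP = re.compile(r"[<>]")


def suspicious_fields(row):
    """Return the name fields of one registration row that need manual review."""
    hits = []
    for field in NAME_FIELDS:
        # NFKC folds look-alikes such as fullwidth '<' (U+FF1C) to ASCII first.
        value = unicodedata.normalize("NFKC", row.get(field) or "")
        has_control = any(unicodedata.category(ch) == "Cc" for ch in value)
        if MARKUP.search(value) or has_control:
            hits.append(field)
    return hits


def audit(rows):
    """Map row id -> flagged fields, listing only rows with at least one hit."""
    flagged = {}
    for row in rows:
        hits = suspicious_fields(row)
        if hits:
            flagged[row["id"]] = hits
    return flagged


def render_notification(row):
    """Build an HTML notice body with every stored value escaped at output."""
    first = html.escape(row.get("firstname") or "", quote=True)
    last = html.escape(row.get("lastname") or "", quote=True)
    return "<p>New registration: {} {}</p>".format(first, last)


# Constructed sample rows, standing in for a dump of pending registrations.
PENDING = [
    {"id": 1, "firstname": "Aroha", "lastname": "O'Brien"},
    {"id": 2, "firstname": "<script>alert(1)</script>", "lastname": "Test"},
    {"id": 3, "firstname": "Sam", "lastname": "\uff1cb\uff1eX"},
]

if __name__ == "__main__":
    print(audit(PENDING))
    for pending_row in PENDING:
        print(render_notification(pending_row))
```

The apostrophe in a legitimate name such as O'Brien is not flagged by the audit, but it is still escaped when rendered, which is why output encoding is applied to every row rather than only to flagged ones.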