Forums | Mahara Community
Security issue relating to cross-site scripting <15.04.15; <16.04.9; <16.10.6; <17.04.4
30 October 2017, 2:27 PM
User's displayed title is not escaped for internal artefacts
Vuln type: CSS
Impact: Code execution
Mahara 15.04 before 15.04.15 and 16.04 before 16.04.9 and 16.10 before 16.10.6 and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.
Reported by: chbi