Forums | Mahara Community

Security issue relating to cross-site scripting <16.10.7; <17.04.5; <17.10.2


Robert Lyon

17 January 2018, 5:09 PM

Fix user input from direct POST / GET usage

Vuln type: CSS
Impact: Code execution

Mahara 16.10 before 16.10.7, 17.04 before 17.04.5 and 17.10 before 17.10.2 are vulnerable to a user submitting a potentially dangerous payload, e.g., XSS code, to be passed in as POST or GET data.

Reported by: Yuliya Bozhko
Bug report: https://bugs.launchpad.net/mahara/+bug/1732987
CVE number: CVE-2017-17454
