Mahara Community

Forums | Mahara Community

Security Announcements /
Security issue relating to Cross Site Scripting (XSS) <17.10.8; <18.04.4: <18.10.1

This topic is closed. Only moderators and the group administrators can post new replies.

Robert Lyon

Posts: 678

30 April 2019, 19:26

Message for the forum announcement:

Cross site scription of collection title on SmartEvidence overview page

Severity: High
Vulnerability type: XSS

An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user.

Reported by: Kirtikumar Anandrao Ramchandani
Bug report: https://bugs.launchpad.net/mahara/+bug/1819547
CVE reference: CVE-2019-9709

Edits to this post:

Kristina Hoeppner - 02 May 2019, 10:02

1 result

Forums | Mahara Community

Security Announcements / Security issue relating to Cross Site Scripting (XSS) <17.10.8; <18.04.4: <18.10.1

Edits to this post:

Security Announcements /
Security issue relating to Cross Site Scripting (XSS) <17.10.8; <18.04.4: <18.10.1