Security issue relating to Cross Site Scripting (XSS) <17.10.8; <18.04.4; <18.10.1
Cross-site scripting of collection title on SmartEvidence overview page
Severity: High
Vulnerability type: XSS
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) because it is not escaped when the collection's SmartEvidence overview page is viewed (if that feature is turned on). This can be exploited by any logged-in user.
Reported by: Kirtikumar Anandrao Ramchandani
Bug report: https://bugs.launchpad.net/mahara/+bug/1819547
CVE reference: CVE-2019-9709
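
The missing output escaping described above, shown as an added example in PHP (the language Mahara is written in). This is not Mahara's code or its patch: the function names, the heading markup and the sample titles are hypothetical and constructed for illustration, and the check confirms that a stored title is rendered as text rather than as markup.

```php
<?php
// Added illustration: hypothetical names and markup, not Mahara source code.

// Vulnerable pattern: the user-supplied title reaches the page unencoded.
function render_heading_unescaped(string $title): string {
    return '<h1 class="collection-title">' . $title . '</h1>';
}

// Hardened pattern: encode for the HTML body context at the point of output.
function render_heading(string $title): string {
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1 class="collection-title">' . $encoded . '</h1>';
}

// Regression check: the only tags in the output are the template's own <h1>
// pair, and the visible text decodes back to exactly the stored title.
function title_rendered_as_text(string $html, string $title): bool {
    $text = html_entity_decode(strip_tags($html), ENT_QUOTES, 'UTF-8');
    return substr_count($html, '<') === 2 && $text === $title;
}

// Constructed sample titles: two benign ones and one carrying markup.
$titles = [
    'Year 10 Science & Maths',
    'Tom\'s "final" portfolio',
    '<script>alert(1)</script>',
];

foreach ($titles as $title) {
    printf(
        "%-28s unescaped=%s escaped=%s\n",
        $title,
        title_rendered_as_text(render_heading_unescaped($title), $title) ? 'pass' : 'FAIL',
        title_rendered_as_text(render_heading($title), $title) ? 'pass' : 'FAIL'
    );
}
```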