Forums | Mahara Community

Security Announcements /
Security issue relating to the file browser <19.04.6, <19.10.4, <20.04.1


This topic is closed. Only moderators and the group administrators can post new replies.
Robert Lyon's profile picture
Posts: 769

04 August 2020, 16:13

Avoid file or folder names containing JavaScript from being executed

Severity: High
Vulnerability type: Cross Site Scripting (XSS)

In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before
20.04.1, certain places could execute file or folder names containing
JavaScript.

Reported by: Adesh Nandkishor Kolte
Bug report: https://bugs.launchpad.net/mahara/+bug/1888163
CVE reference: CVE-2020-15907

1 result