Forums | Mahara Community

Tag syntax could cause code execution in Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0


Robert Lyon

29 October 2021, 17:03

 

Vulnerability type: XSS
Attack type: Local
Impact: Code execution

Affected components: The adding or displaying of tags on pages or content
Attack vectors: If a person creates a tag in a certain way and then shares the page with others, the tag can cause code execution when they view the page.

Description: In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could cause code execution.

Reported by: Dominic Couture
Bug report: https://bugs.launchpad.net/mahara/+bug/1944633
CVE reference: CVE-2021-43265
