Mahara Community

Forums | Mahara Community

Security Announcements /
XSS exploit in 'External media' block in Mahara before 20.10.5, 21.04.4, and 21.10.2

This topic is closed. Only moderators and the group administrators can post new replies.

Posts: 706

27 April 2022, 13:21

Vulnerability type: Cross-site scripting (XSS) / stored XSS
Attack type: Remote
Impact: Code execution

Affected components: The 'External media' block and anywhere you can enter HTML code, such as a text block, notes, journal entry, and forum post.

Suggested description: Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 are vulnerable to stored cross-site scripting when a particular CSS class for embedly is used and JavaScript code constructed to perform an action.

Reported by: Can't disclose
Bug report: https://bugs.launchpad.net/mahara/+bug/1968920
CVE reference: 2022-29584

1 result

Forums | Mahara Community

Security Announcements / XSS exploit in 'External media' block in Mahara before 20.10.5, 21.04.4, and 21.10.2

Security Announcements /
XSS exploit in 'External media' block in Mahara before 20.10.5, 21.04.4, and 21.10.2