Forums | Mahara Community
Security Announcements
XSS exploit in 'External media' block in Mahara before 20.10.5, 21.04.4, and 21.10.2
Vulnerability type: Cross-site scripting (XSS) / stored XSS
Attack type: Remote
Impact: Code execution
Affected components: The 'External media' block and anywhere you can enter HTML code, such as a text block, notes, journal entry, and forum post.
Suggested description: Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to stored cross-site scripting when a particular CSS class for embedly is used and JavaScript code is constructed to perform an action.
Reported by: Can't disclose
Bug report: https://bugs.launchpad.net/mahara/+bug/1968920
CVE reference: 2022-29584