First published: Fri Nov 03 2017(Updated: )
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | =1.10-rc1 | |
Mahara Mahara | =15.04-rc1 | |
Mahara Mahara | =15.04-rc2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2017-1000138.
The severity of CVE-2017-1000138 is medium (5.4).
CVE-2017-1000138 allows for possible cross-site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.
Mahara versions 1.10 before 1.10.0 and 15.04 before 15.04.0 are affected by CVE-2017-1000138.
To fix CVE-2017-1000138, you should update your Mahara installation to version 1.10.0 or 15.04.0 or later.