First published: Fri Nov 03 2017
Mahara 1.9 before 1.9.6, 1.10 before 1.10.4, and 15.04 before 15.04.1 allow a site admin or institution admin to place HTML and JavaScript into an institution display name, which is then displayed unescaped to other users on some Mahara system pages.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | =1.9-rc1 | |
Mahara Mahara | =1.9.0 | |
Mahara Mahara | =1.9.1 | |
Mahara Mahara | =1.9.2 | |
Mahara Mahara | =1.9.3 | |
Mahara Mahara | =1.9.4 | |
Mahara Mahara | =1.9.5 | |
Mahara Mahara | =1.10-rc1 | |
Mahara Mahara | =1.10.0 | |
Mahara Mahara | =1.10.1 | |
Mahara Mahara | =1.10.2 | |
Mahara Mahara | =1.10.3 | |
Mahara Mahara | =15.04-rc1 | |
Mahara Mahara | =15.04-rc2 | |
Mahara Mahara | =15.04.0 | |
The severity of CVE-2017-1000144 is medium.
CVE-2017-1000144 allows a site admin or institution admin to place HTML and JavaScript into an institution display name, which is then displayed unescaped to other users on some Mahara system pages.
Mahara 1.9 before 1.9.6, 1.10 before 1.10.4, and 15.04 before 15.04.1 are affected by CVE-2017-1000144.
To fix CVE-2017-1000144, upgrade Mahara to version 1.9.6, 1.10.4, or 15.04.1.
You can find more information about CVE-2017-1000144 at the following link: [https://bugs.launchpad.net/mahara/+bug/1447377](https://bugs.launchpad.net/mahara/+bug/1447377)