First published: Fri Nov 03 2017(Updated: )
Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open())
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | =15.10-rc1 | |
Mahara Mahara | =15.10-rc2 | |
Mahara Mahara | =15.10.0 | |
Mahara Mahara | =15.10.1 | |
Mahara Mahara | =1.10-rc1 | |
Mahara Mahara | =1.10.0 | |
Mahara Mahara | =1.10.1 | |
Mahara Mahara | =1.10.2 | |
Mahara Mahara | =1.10.3 | |
Mahara Mahara | =1.10.4 | |
Mahara Mahara | =1.10.5 | |
Mahara Mahara | =1.10.6 | |
Mahara Mahara | =1.10.7 | |
Mahara Mahara | =1.10.8 | |
Mahara Mahara | =15.04-rc1 | |
Mahara Mahara | =15.04-rc2 | |
Mahara Mahara | =15.04.0 | |
Mahara Mahara | =15.04.1 | |
Mahara Mahara | =15.04.2 | |
Mahara Mahara | =15.04.3 | |
Mahara Mahara | =15.04.4 | |
Mahara Mahara | =15.04.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2017-1000149.
The severity of CVE-2017-1000149 is medium, with a severity value of 5.4.
Mahara 1.10 before 1.10.9, 15.04 before 15.04.6, and 15.10 before 15.10.2 are affected.
The vulnerability in Mahara is related to cross-site scripting (XSS) due to the use of window.opener (target="_blank" and window.open()).
More information about CVE-2017-1000149 can be found at the following link: [https://bugs.launchpad.net/mahara/+bug/1558361](https://bugs.launchpad.net/mahara/+bug/1558361)