CVE-2017-14752: XSS
First published: Tue Oct 31 2017(Updated: )
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mahara | =15.04-rc1 | |
| Mahara | =15.04-rc2 | |
| Mahara | =15.04.0 | |
| Mahara | =15.04.1 | |
| Mahara | =15.04.2 | |
| Mahara | =15.04.3 | |
| Mahara | =15.04.4 | |
| Mahara | =15.04.5 | |
| Mahara | =15.04.6 | |
| Mahara | =15.04.7 | |
| Mahara | =15.04.8 | |
| Mahara | =15.04.9 | |
| Mahara | =15.04.10 | |
| Mahara | =15.04.11 | |
| Mahara | =15.04.12 | |
| Mahara | =15.04.13 | |
| Mahara | =15.04.14 | |
| Mahara | =16.04-rc1 | |
| Mahara | =16.04-rc2 | |
| Mahara | =16.04.0 | |
| Mahara | =16.04.1 | |
| Mahara | =16.04.2 | |
| Mahara | =16.04.3 | |
| Mahara | =16.04.4 | |
| Mahara | =16.04.5 | |
| Mahara | =16.04.6 | |
| Mahara | =16.04.7 | |
| Mahara | =16.04.8 | |
| Mahara | =16.10-rc1 | |
| Mahara | =16.10-rc2 | |
| Mahara | =16.10.0 | |
| Mahara | =16.10.1 | |
| Mahara | =16.10.2 | |
| Mahara | =16.10.3 | |
| Mahara | =16.10.4 | |
| Mahara | =16.10.5 | |
| Mahara | =17.04-rc1 | |
| Mahara | =17.04-rc2 | |
| Mahara | =17.04.0 | |
| Mahara | =17.04.1 | |
| Mahara | =17.04.2 | |
| Mahara | =17.04.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-14752?
CVE-2017-14752 has a high severity due to the potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2017-14752?
To fix CVE-2017-14752, upgrade Mahara to version 15.04.15, 16.04.9, 16.10.6, or 17.04.4 or later.
Which versions of Mahara are affected by CVE-2017-14752?
CVE-2017-14752 affects Mahara versions 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4.
What types of payloads can exploit CVE-2017-14752?
CVE-2017-14752 can be exploited by submitting potentially dangerous payloads such as XSS code in profile fields.
What are the consequences of CVE-2017-14752?
The consequences of CVE-2017-14752 include potential user profile manipulation and increased risks of XSS attacks.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/mahara
- canonical/mahara
- version/mahara/15.04-rc1
- version/mahara/15.04-rc2
- version/mahara/15.04.0
- version/mahara/15.04.1
- version/mahara/15.04.2
- version/mahara/15.04.3
- version/mahara/15.04.4
- version/mahara/15.04.5
- version/mahara/15.04.6
- version/mahara/15.04.7
- version/mahara/15.04.8
- version/mahara/15.04.9
- version/mahara/15.04.10
- version/mahara/15.04.11
- version/mahara/15.04.12
- version/mahara/15.04.13
- version/mahara/15.04.14
- version/mahara/16.04-rc1
- version/mahara/16.04-rc2
- version/mahara/16.04.0
- version/mahara/16.04.1
- version/mahara/16.04.2
- version/mahara/16.04.3
- version/mahara/16.04.4
- version/mahara/16.04.5
- version/mahara/16.04.6
- version/mahara/16.04.7
- version/mahara/16.04.8
- version/mahara/16.10-rc1
- version/mahara/16.10-rc2
- version/mahara/16.10.0
- version/mahara/16.10.1
- version/mahara/16.10.2
- version/mahara/16.10.3
- version/mahara/16.10.4
- version/mahara/16.10.5
- version/mahara/17.04-rc1
- version/mahara/17.04-rc2
- version/mahara/17.04.0
- version/mahara/17.04.1
- version/mahara/17.04.2
- version/mahara/17.04.3