What is the severity of CVE-2017-9551?

CVE-2017-9551 is classified as a high severity vulnerability due to its potential for XSS exploitation.

How do I fix CVE-2017-9551?

To fix CVE-2017-9551, upgrade Mahara to version 15.04.14, 16.04.8, 16.10.5, or 17.04.3 or later.

Which versions of Mahara are affected by CVE-2017-9551?

Versions 15.04 before 15.04.14, 16.04 before 16.04.8, 16.10 before 16.10.5, and 17.04 before 17.04.3 are affected by CVE-2017-9551.

What type of attack is CVE-2017-9551 associated with?

CVE-2017-9551 is associated with a cross-site scripting (XSS) attack due to user input vulnerability.

Is user data at risk with CVE-2017-9551?

Yes, user data is at risk with CVE-2017-9551 as malicious payloads can be saved and emailed to users.

Vulnerability/
CVE-2017-9551

medium

6.1

CWE

25/9/2017

5/10/2017

CVE-2017-9551: XSS

First published: Mon Sep 25 2017(Updated: )

Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mahara	=15.04-rc1
Mahara	=15.04-rc2
Mahara	=15.04.0
Mahara	=15.04.1
Mahara	=15.04.2
Mahara	=15.04.3
Mahara	=15.04.4
Mahara	=15.04.5
Mahara	=15.04.6
Mahara	=15.04.7
Mahara	=15.04.8
Mahara	=15.04.9
Mahara	=15.04.10
Mahara	=15.04.11
Mahara	=15.04.12
Mahara	=15.04.13
Mahara	=16.04-rc1
Mahara	=16.04-rc2
Mahara	=16.04.0
Mahara	=16.04.1
Mahara	=16.04.2
Mahara	=16.04.3
Mahara	=16.04.4
Mahara	=16.04.5
Mahara	=16.04.6
Mahara	=16.04.7
Mahara	=16.10-rc1
Mahara	=16.10-rc2
Mahara	=16.10.0
Mahara	=16.10.1
Mahara	=16.10.2
Mahara	=16.10.3
Mahara	=16.10.4
Mahara	=17.04-rc1
Mahara	=17.04-rc2
Mahara	=17.04.0
Mahara	=17.04.1
Mahara	=17.04.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-9551?
CVE-2017-9551 is classified as a high severity vulnerability due to its potential for XSS exploitation.
How do I fix CVE-2017-9551?
To fix CVE-2017-9551, upgrade Mahara to version 15.04.14, 16.04.8, 16.10.5, or 17.04.3 or later.
Which versions of Mahara are affected by CVE-2017-9551?
Versions 15.04 before 15.04.14, 16.04 before 16.04.8, 16.10 before 16.10.5, and 17.04 before 17.04.3 are affected by CVE-2017-9551.
What type of attack is CVE-2017-9551 associated with?
CVE-2017-9551 is associated with a cross-site scripting (XSS) attack due to user input vulnerability.
Is user data at risk with CVE-2017-9551?
Yes, user data is at risk with CVE-2017-9551 as malicious payloads can be saved and emailed to users.

agent/references
agent/severity
agent/author
agent/type
agent/description
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
vendor/mahara
canonical/mahara
version/mahara/15.04-rc1
version/mahara/15.04-rc2
version/mahara/15.04.0
version/mahara/15.04.1
version/mahara/15.04.2
version/mahara/15.04.3
version/mahara/15.04.4
version/mahara/15.04.5
version/mahara/15.04.6
version/mahara/15.04.7
version/mahara/15.04.8
version/mahara/15.04.9
version/mahara/15.04.10
version/mahara/15.04.11
version/mahara/15.04.12
version/mahara/15.04.13
version/mahara/16.04-rc1
version/mahara/16.04-rc2
version/mahara/16.04.0
version/mahara/16.04.1
version/mahara/16.04.2
version/mahara/16.04.3
version/mahara/16.04.4
version/mahara/16.04.5
version/mahara/16.04.6
version/mahara/16.04.7
version/mahara/16.10-rc1
version/mahara/16.10-rc2
version/mahara/16.10.0
version/mahara/16.10.1
version/mahara/16.10.2
version/mahara/16.10.3
version/mahara/16.10.4
version/mahara/17.04-rc1
version/mahara/17.04-rc2
version/mahara/17.04.0
version/mahara/17.04.1
version/mahara/17.04.2