First published: Tue May 07 2019
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mahara Mahara | >=17.10.0 <17.10.8 | Upgrade to 17.10.8 |
Mahara Mahara | >=18.04.0 <18.04.4 | Upgrade to 18.04.4 |
Mahara Mahara | >=18.10.0 <18.10.1 | Upgrade to 18.10.1 |
CVE-2019-9709 is a vulnerability in Mahara versions 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1 that allows Cross-Site Scripting (XSS) attacks.
CVE-2019-9709 impacts Mahara by making the collection title vulnerable to Cross-Site Scripting (XSS) when viewing the collection's SmartEvidence overview page (if that feature is turned on).
The severity of CVE-2019-9709 is medium, with a CVSS score of 5.4.
To fix CVE-2019-9709 in Mahara, you should upgrade to version 17.10.8, 18.04.4, or 18.10.1.
You can find more information about CVE-2019-9709 at the following references:
[1] https://bugs.launchpad.net/bugs/1819547
[2] https://mahara.org/interaction/forum/topic.php?id=8446