PT-2017-10839 · Catalyst It · Mahara
Ngson2000
+1
·
Publicado
2017-11-03
·
Atualizado
2017-11-15
·
CVE-2017-1000138
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Mahara versions prior to 1.10.0
Mahara versions 15.04 before 15.04.0
Description
The issue allows for possible cross-site scripting when dragging and dropping files into a collection if the file has Javascript code in its title.
Recommendations
For Mahara versions prior to 1.10.0, update to version 1.10.0 or later.
For Mahara versions 15.04 before 15.04.0, update to version 15.04.0 or later.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mahara