PT-2019-19812 · Catalyst It · Mahara
Kirtikumar Anandrao Ramchandani · Published 2019-05-07 · Updated 2019-05-07 · CVE-2019-9709
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Mahara versions 17.10 through 17.10.7
Mahara versions 18.04 through 18.04.3
Mahara versions 18.10 through 18.10.0
Description
The collection title is vulnerable to cross-site scripting (XSS) because it is not escaped when the collection's SmartEvidence overview page is viewed. This can be exploited by any logged-in user.
Recommendations
For Mahara versions 17.10 through 17.10.7, update to version 17.10.8.
For Mahara versions 18.04 through 18.04.3, update to version 18.04.4.
For Mahara versions 18.10 through 18.10.0, update to version 18.10.1.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Mahara