CVE-2017-17454

Name of the Vulnerable Software and Affected Versions: Mahara versions 16.10 through 16.10.6 Mahara versions 17.04 through 17.04.4 Mahara versions 17.10 through 17.10.1

Description: The issue arises when a user enters invalid UTF-8 characters, leading to a Cross Site Scripting (XSS) vulnerability. To address this, Mahara will discard invalid UTF-8 characters, NULL characters, and invalid Unicode characters. Additionally, Mahara will avoid direct usage of $ GET and $ POST where possible, instead opting for param exists() and the correct param *() function to fetch the expected value.

Recommendations: For Mahara versions 16.10 through 16.10.6, update to version 16.10.7 or later. For Mahara versions 17.04 through 17.04.4, update to version 17.04.5 or later. For Mahara versions 17.10 through 17.10.1, update to version 17.10.2 or later.