PT-2019-19812 · Catalyst It · Mahara

Kirtikumar Anandrao Ramchandani · Published 2019-05-07 · Updated 2019-05-07 · CVE-2019-9709

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Mahara versions 17.10 through 17.10.7
Mahara versions 18.04 through 18.04.3
Mahara versions 18.10 through 18.10.0

Description

The collection title is vulnerable to cross-site scripting (XSS) because it is not escaped when the collection's SmartEvidence overview page is viewed. Any logged-in user can exploit this.

Recommendations

For Mahara versions 17.10 through 17.10.7, update to version 17.10.8.
For Mahara versions 18.04 through 18.04.3, update to version 18.04.4.
For Mahara versions 18.10 through 18.10.0, update to version 18.10.1.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-9709

Affected Products

Mahara