oss-sec mailing list archives
CVE-2017-14752, CVE-2017-15273: Stored XSS vulnerability in Mahara <= 15.04.14, <= 16.04.8, <= 16.10.5, <= 17.04.3
From: chbi () chbi eu
Date: Mon, 30 Oct 2017 20:15:51 +0100
Hi,

I've discovered two security issues in Mahara <= 15.04.14, <= 16.04.8, <= 16.10.5, <= 17.04.3 (https://mahara.org)

CVE-2017-14752: A stored XSS vulnerability in "First name", "Last name" and "Display name" allows an authenticated user to inject JavaScript to gain administrator privileges.
https://mahara.org/interaction/forum/topic.php?id=8083

CVE-2017-15273: A stored XSS vulnerability in the title of a journal allows an authenticated user to inject JavaScript to gain administrator privileges.
https://mahara.org/interaction/forum/topic.php?id=8081

The issues are fixed in Mahara 15.04.15, 16.04.9, 16.10.6, 17.04.4

--
chbi
https://chbi.eu
GPG: 3DE9 9187 4BE9 EAE6 3CA8 DC20 BA7B 93F9 9037 AE7E
https://chbi.eu/chbi.asc