List: oss-security
Subject: [oss-security] CVE-2017-14752, CVE-2017-15273: Stored XSS vulnerability in Mahara <= 15.04.14, <= 16
From: chbi () chbi ! eu
Date: 2017-10-30 19:15:51
Message-ID: ad8e08c6-e1f9-280c-41a7-169b901ca859 () chbi ! eu
Hi,

I've discovered two security issues in Mahara <= 15.04.14, <= 16.04.8,
<= 16.10.5, <= 17.04.3 (https://mahara.org)

CVE-2017-14752:
A stored XSS vulnerability in "First name", "Last name" and "Display
name" allows an authenticated user to inject JavaScript to gain
administrator privileges.
https://mahara.org/interaction/forum/topic.php?id=8083

CVE-2017-15273:
A stored XSS vulnerability in the title of a journal allows an
authenticated user to inject JavaScript to gain administrator privileges.
https://mahara.org/interaction/forum/topic.php?id=8081

The issues are fixed in Mahara 15.04.15, 16.04.9, 16.10.6, 17.04.4
--
chbi
https://chbi.eu
GPG: 3DE9 9187 4BE9 EAE6 3CA8 DC20 BA7B 93F9 9037 AE7E
https://chbi.eu/chbi.asc