List:       oss-security
Subject:    [oss-security] CVE-2017-14752, CVE-2017-15273: Stored XSS vulnerability in Mahara <= 15.04.14, <= 16
From:       chbi () chbi ! eu
Date:       2017-10-30 19:15:51
Message-ID: ad8e08c6-e1f9-280c-41a7-169b901ca859 () chbi ! eu

Hi,

I've discovered two security issues in Mahara <= 15.04.14, <= 16.04.8,
<= 16.10.5, <= 17.04.3 (https://mahara.org)


CVE-2017-14752:
A stored XSS vulnerability in "First name", "Last name" and "Display
name" allows an authenticated user to inject JavaScript to gain
administrator privileges.

https://mahara.org/interaction/forum/topic.php?id=8083


CVE-2017-15273:
A stored XSS vulnerability in the title of a journal allows an
authenticated user to inject JavaScript to gain administrator privileges.

https://mahara.org/interaction/forum/topic.php?id=8081


The issues are fixed in Mahara 15.04.15, 16.04.9, 16.10.6, 17.04.4


-- 
chbi
https://chbi.eu

GPG: 3DE9 9187 4BE9 EAE6 3CA8  DC20 BA7B 93F9 9037 AE7E
     https://chbi.eu/chbi.asc

