CVE-2017-14752

Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
maharamahara
15.04:rc1
maharamahara
15.04:rc2
maharamahara
15.04.0
maharamahara
15.04.1
maharamahara
15.04.2
maharamahara
15.04.3
maharamahara
15.04.4
maharamahara
15.04.5
maharamahara
15.04.6
maharamahara
15.04.7
maharamahara
15.04.8
maharamahara
15.04.9
maharamahara
15.04.10
maharamahara
15.04.11
maharamahara
15.04.12
maharamahara
15.04.13
maharamahara
15.04.14
maharamahara
16.04:rc1
maharamahara
16.04:rc2
maharamahara
16.04.0
maharamahara
16.04.1
maharamahara
16.04.2
maharamahara
16.04.3
maharamahara
16.04.4
maharamahara
16.04.5
maharamahara
16.04.6
maharamahara
16.04.7
maharamahara
16.04.8
maharamahara
16.10:rc1
maharamahara
16.10:rc2
maharamahara
16.10.0
maharamahara
16.10.1
maharamahara
16.10.2
maharamahara
16.10.3
maharamahara
16.10.4
maharamahara
16.10.5
maharamahara
17.04:rc1
maharamahara
17.04:rc2
maharamahara
17.04.0
maharamahara
17.04.1
maharamahara
17.04.2
maharamahara
17.04.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugs.launchpad.net/mahara/+bug/1719491
https://bugs.launchpad.net/mahara/+bug/1719491