CVE-2017-9551

Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
maharamahara
15.04:rc1
maharamahara
15.04:rc2
maharamahara
15.04.0
maharamahara
15.04.1
maharamahara
15.04.2
maharamahara
15.04.3
maharamahara
15.04.4
maharamahara
15.04.5
maharamahara
15.04.6
maharamahara
15.04.7
maharamahara
15.04.8
maharamahara
15.04.9
maharamahara
15.04.10
maharamahara
15.04.11
maharamahara
15.04.12
maharamahara
15.04.13
maharamahara
16.04:rc1
maharamahara
16.04:rc2
maharamahara
16.04.0
maharamahara
16.04.1
maharamahara
16.04.2
maharamahara
16.04.3
maharamahara
16.04.4
maharamahara
16.04.5
maharamahara
16.04.6
maharamahara
16.04.7
maharamahara
16.10:rc1
maharamahara
16.10:rc2
maharamahara
16.10.0
maharamahara
16.10.1
maharamahara
16.10.2
maharamahara
16.10.3
maharamahara
16.10.4
maharamahara
17.04:rc1
maharamahara
17.04:rc2
maharamahara
17.04.0
maharamahara
17.04.1
maharamahara
17.04.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugs.launchpad.net/mahara/+bug/1697308
https://mahara.org/interaction/forum/topic.php?id=8040
https://bugs.launchpad.net/mahara/+bug/1697308
https://mahara.org/interaction/forum/topic.php?id=8040