CVE-2019-9709

EUVD-2019-19075
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
maharamahara
17.10.0 ≤
𝑥
< 17.10.8
maharamahara
18.04.0 ≤
𝑥
< 18.04.4
maharamahara
18.10.0 ≤
𝑥
< 18.10.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mahara
bionic
dne
eoan
dne
focal
dne
precise
ignored
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://bugs.launchpad.net/bugs/1819547
https://mahara.org/interaction/forum/topic.php?id=8446
https://bugs.launchpad.net/bugs/1819547
https://mahara.org/interaction/forum/topic.php?id=8446