Описание
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user.
Ссылки
- Issue TrackingThird Party Advisory
- Vendor Advisory
- Issue TrackingThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user.
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 1 ...
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user.
EPSS
5.4 Medium
CVSS3
3.5 Low
CVSS2