CVE-2019-9709

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-9709
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9709.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-9709
Published
2019-05-07T14:29:01Z
Modified
2024-06-06T12:55:52.543650Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user.

References

Affected packages

Git / github.com/maharaproject/mahara

Affected ranges

Type
GIT
Repo
https://github.com/maharaproject/mahara
Events

Affected versions

17.*

17.10.0_RELEASE
17.10.1_RELEASE
17.10.2_RELEASE
17.10.3_RELEASE
17.10.4_RELEASE
17.10.5_RELEASE
17.10.6_RELEASE
17.10.7_RELEASE