CVE-2019-9709

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-9709

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9709.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-9709

Published

2019-05-07T14:29:01Z

Modified

2025-01-14T08:09:39.220998Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user.

References

Affected packages

Git / github.com/maharaproject/mahara

Affected ranges

Type: GIT
Repo: https://github.com/maharaproject/mahara
Events: Introduced

7e3e132425fc023eb85e66717284540d80bdacd1

Fixed

16c20ff69dc41720ac2a1a01569d704b7623ea79

Affected versions

17.*

17.10.0_RELEASE

17.10.1_RELEASE

17.10.2_RELEASE

17.10.3_RELEASE

17.10.4_RELEASE

17.10.5_RELEASE

17.10.6_RELEASE

17.10.7_RELEASE