CVE-2020-15907

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-15907

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15907.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15907

Published

2020-08-07T20:15:12Z

Modified

2025-01-14T08:33:11.312571Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript.

References

https://mahara.org/interaction/forum/topic.php?id=8668
https://bugs.launchpad.net/mahara/+bug/1888163

Affected packages

Git / github.com/maharaproject/mahara

Affected ranges

Type: GIT
Repo: https://github.com/maharaproject/mahara
Events: Introduced

d98eee64dc05a1b1fa163b033f0443b5dd6fde92

Fixed

b0622b0df0573c4455dd0bc3a431b92997f4dc7a

Affected versions

19.*

19.04.0_RELEASE

19.04.1_RELEASE

19.04.2_RELEASE

19.04.3_RELEASE

19.04.4_RELEASE

19.04.5_RELEASE