CVE-2020-15907

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-15907

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15907.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15907

Published

2020-08-07T20:15:12.437Z

Modified

2026-03-14T10:18:47.805271Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript.

References

Affected packages

Git / github.com/maharaproject/mahara

Affected ranges

Type

GIT

Repo

https://github.com/maharaproject/mahara

Events

Introduced

d98eee64dc05a1b1fa163b033f0443b5dd6fde92

Fixed

b0622b0df0573c4455dd0bc3a431b92997f4dc7a

Introduced

6baa307ceb0dfb0292f13b5f23410af77017ee96

Fixed

9373e383bf172a88baec252004ca6e71d78f18de

Introduced

0ac1f94a973e467134edc7b94cb65318eb19227f

Fixed

d52c5ff143810e5b2e6ca06a2ee509ba8c5c1f14

Database specific

{
    "versions": [
        {
            "introduced": "19.04"
        },
        {
            "fixed": "19.04.6"
        },
        {
            "introduced": "19.10"
        },
        {
            "fixed": "19.10.4"
        },
        {
            "introduced": "20.04"
        },
        {
            "fixed": "20.04.1"
        }
    ]
}

Affected versions

19.*

19.04.0_RELEASE

19.04.1_RELEASE

19.04.2_RELEASE

19.04.3_RELEASE

19.04.4_RELEASE

19.04.5_RELEASE

19.10.0_RELEASE

19.10.1_RELEASE

19.10.2_RELEASE

19.10.3_RELEASE

20.*

20.04.0_RELEASE

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15907.json"