CVE-2017-1000140 - Cross-Site Scripting (XSS) vulnerability in Mahara

Publication

2017-11-03

Last modification

2017-11-15

Summary

Mahara 1.8 before 1.8.7, 1.9 before 1.9.5, 1.10 before 1.10.3, and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file whose code can be executed when a user tries to download the file.

Classification

CWE-79 - Cross-Site Scripting (XSS)

Risk level (CVSS AV:N/AC:M/Au:S/C:N/I:P/A:N)

Low

3.5

Access Vector

Network

Access Complexity

Medium

Authentication

Single

Confidentiality Impact

None

Integrity Impact

Partial

Affected Products

Vendor: Mahara
Product: Mahara
Versions: 1.9.0, 1.9, 1.10, 1.8.3, 1.10.0, 1.8.1, 15.04, 1.10.2, 1.8.5, 1.8.4, 1.8.2, 1.9.2, 1.9.4, 1.10.1, 1.8.6, 1.9.1, 1.8, 1.9.3, 1.8.0