CVE-2019-9709 - Cross-Site Scripting (XSS) vulnerability in Mahara | Vumetric Cyber Portal

Publication: 2019-05-07

Last modification: 2019-05-07

Summary

An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user.

Classification

CWE-79 - Cross-Site Scripting (XSS)

Risk level (CVSS AV:N/AC:M/Au:S/C:N/I:P/A:N)

Low (3.5)

Values per the CVSS vector above:

  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial

Affected Products

Vendor: Mahara
Product: Mahara
Versions: 18.04.0, 18.10.0, 17.10.1, 17.10.4, 17.10.2, 17.10.3, 17.10.0