CVE-2017-9551

2017-09-2516:29:00

Google

osv.dev

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.4%

JSON

Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user’s account.

CPENameOperatorVersion
maharaeq1.1.0ALPHA1_RELEASE
maharaeq1.2.0BETA1_RELEASE
maharaeq1.2.0BETA3_RELEASE
maharaeq1.0.0ALPHA1_RELEASE
maharaeq1.0.0BETA2_RELEASE
maharaeq1.2.0ALPHA2_RELEASE
maharaeq15.04RC1_RELEASE
maharaeq1.0.0ALPHA2_RELEASE
maharaeq1.2.0BETA4_RELEASE
maharaeq1.1.0BETA1_RELEASE

Name	Operator	Version
mahara	eq	1.1.0ALPHA1_RELEASE
mahara	eq	1.2.0BETA1_RELEASE
mahara	eq	1.2.0BETA3_RELEASE
mahara	eq	1.0.0ALPHA1_RELEASE
mahara	eq	1.0.0BETA2_RELEASE
mahara	eq	1.2.0ALPHA2_RELEASE
mahara	eq	15.04RC1_RELEASE
mahara	eq	1.0.0ALPHA2_RELEASE
mahara	eq	1.2.0BETA4_RELEASE
mahara	eq	1.1.0BETA1_RELEASE