Design/Logic Flaw

2022-04-2816:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.

CPENameOperatorVersion
maharaeq22.4.0 rc1
maharage21.10.0
maharalt21.10.2
maharage21.04.0
maharalt21.04.4
maharalt20.10.5

Name	Operator	Version
mahara	eq	22.4.0 rc1
mahara	ge	21.10.0
mahara	lt	21.10.2
mahara	ge	21.04.0
mahara	lt	21.04.4
mahara	lt	20.10.5

References

bugs.launchpad.net/mahara/+bug/1968920

mahara.org/interaction/forum/topic.php?id=9095