CVE-2017-1000144
Mahara up to versions 1.9.6, 1.10.4, and 15.04.1 are affected by a stored cross-site scripting vulnerability. An admin can place HTML/JavaScript into an institution display name, which is then rendered unescaped to other users on some Mahara pages. Root cause: unescaped user-generated content in ...