CVE-2017-1000146
CVE-2017-1000146 affects Mahara 1.9 before 1.9.7, 1.10 before 1.10.5, and 15.04 before 15.04.2. The underlying issue is an unescaped portfolio page title in the AJAX update of the Add/remove watchlist link on artefact detail pages, allowing arbitrary Javascript execution in the browser of a logge...