CVE-2017-1000149
Mahara is affected by a cross‑site scripting (XSS) vulnerability involving window.opener (target="_blank" and window.open()) in versions 1.10 before 1.10.9, 15.04 before 15.04.6, and 15.10 before 15.10.2. The issue allows an attacker to manipulate navigation or access DOM/window.opener objects vi...