2 matches found
Mahara < 16.10.9, < 17.04.7, < 17.10.4 XSS Vulnerability
Mahara is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mahara:mahara";...
CVE-2018-6182
CVE-2018-6182 affects Mahara versions 16.10 before 16.10.9, 17.04 before 17.04.7, and 17.10 before 17.10.4. The root cause is that relying on TinyMCE code stripping is insufficient; an attacker can craft POST data packets with bad content to bypass client-side filtering and hit the server. The do...