CVE-2017-17454

Mahara is affected by a Cross Site Scripting (XSS) vulnerability in specific releases: 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2. The root cause involves improper handling of invalid UTF-8 characters; Mahara discards such characters (along with NULL and invalid Unicode)...