Mahara 1.9 prior to 1.9.7 and 1.10 prior to 1.10.5 and 15.04 prior to 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mahara mahara 1.9.5 |
||
mahara mahara 1.9.6 |
||
mahara mahara 1.9.1 |
||
mahara mahara 1.9.2 |
||
mahara mahara 1.9.3 |
||
mahara mahara 1.9.0 |
||
mahara mahara 1.9.4 |
||
mahara mahara 1.9 |
||
mahara mahara 1.10.2 |
||
mahara mahara 1.10.3 |
||
mahara mahara 1.10.4 |
||
mahara mahara 1.10 |
||
mahara mahara 1.10.1 |
||
mahara mahara 1.10.0 |
||
mahara mahara 15.04 |
||
mahara mahara 15.04.0 |
||
mahara mahara 15.04.1 |