Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 20/02/2018 Updated: 16/03/2018

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Mahara 16.10 prior to 16.10.7 and 17.04 prior to 17.04.5 and 17.10 prior to 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters. Mahara will also avoid direct $_GET and $_POST usage where possible, and instead use param_exists() and the correct param_*() function to fetch the expected value.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mahara mahara

CWE-79 https://reviews.mahara.org/#/c/8191/https://mahara.org/interaction/forum/topic.php?id=8149 https://bugs.launchpad.net/mahara/+bug/1732987 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-17454

Vulnerability Summary

References

Vulmon Search

About

Products

Connect