CVE-2017-14752
moderate-risk
Published 2017-10-31
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potentially dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.
Do I need to act?
0.30% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.4/10
Medium
NETWORK / LOW complexity
Affected Products (20)
Affected Vendors
References (2)
Issue Tracking
https://bugs.launchpad.net/mahara/+bug/1719491
46 / 100
moderate-risk
Severity
21/34 · High
Exploitability
1/34 · Minimal
Exposure
24/34 · High