CVE-2017-15273

moderate-risk
Published 2017-10-31

Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.

Do I need to act?

-
0.33% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Mahara

References (8)

Issue Tracking https://bugs.launchpad.net/mahara/+bug/1719472
Issue Tracking https://bugs.launchpad.net/mahara/+bug/1719480
Issue Tracking https://bugs.launchpad.net/mahara/+bug/1720034
Patch https://mahara.org/interaction/forum/topic.php?id=8081
Issue Tracking https://bugs.launchpad.net/mahara/+bug/1719472
Issue Tracking https://bugs.launchpad.net/mahara/+bug/1719480
Issue Tracking https://bugs.launchpad.net/mahara/+bug/1720034
Patch https://mahara.org/interaction/forum/topic.php?id=8081
46
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 1/34 · Minimal
Exposure 24/34 · High