CVSS: 5.4EPSS: 0%CPEs: 42EXPL: 0CVE-2017-14752
https://notcve.org/view.php?id=CVE-2017-14752
31 Oct 2017 — Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara. Mahara, en versiones 15.04 anteriores a la 15.04.15, versiones 16.04 anteriores a la 16.04.9, versiones 16.10 anterio... • https://bugs.launchpad.net/mahara/+bug/1719491 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 0CVE-2017-9551
https://notcve.org/view.php?id=CVE-2017-9551
25 Sep 2017 — Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account. Mahara en versiones 15.04 anteriores a la 15.04.14, 16.04 anteriores a la 16.04.8, 16.10 anteriores a la 16.10.5, 17.04 anteriores a la 17.04.3 es vulnera... • https://bugs.launchpad.net/mahara/+bug/1697308 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •