Back to search
CVE-2017-17454
Published: Feb 20, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters. Mahara will also avoid direct $_GET and $_POST usage where possible, and instead use param_exists() and the correct param_*() function to fetch the expected value.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://mahara.org/interaction/forum/topic.php?id=8149
x_refsource_CONFIRM
https://reviews.mahara.org/#/c/8191/
x_refsource_CONFIRM
https://bugs.launchpad.net/mahara/+bug/1732987
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now