Launchpad CVE tracker

CVE 2017-1000149

Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open())

Related bugs and status

CVE-2017-1000149 (Candidate) is related to these bugs:

Bug #1558361: XSS vulnerability due to window.opener (target="_blank" and window.open())

		In	Importance	Status
1558361	XSS vulnerability due to window.opener (target="_blank" and window.open())	Mahara	High	Fix Released
1558361	XSS vulnerability due to window.opener (target="_blank" and window.open())	Mahara 1.10	High	Fix Released
1558361	XSS vulnerability due to window.opener (target="_blank" and window.open())	Mahara 15.04	High	Fix Released
1558361	XSS vulnerability due to window.opener (target="_blank" and window.open())	Mahara 15.10	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2017-1000149

References