Mahara

  1. Series 20.10
  2. Bug #1888163
  3. Comment #2

Comment 2 for bug 1888163

Revision history for this message
Robert Lyon (robertl-9) wrote :

To be posted in the security forum:

Avoid file or folder names containing JavaScript from being executed

Severity: High
Vulnerability type: Cross Site Scripting (XSS)

In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before
20.04.1, certain places could execute file or folder names containing
JavaScript.

Reported by: Adesh Nandkishor Kolte
Bug report: https://bugs.launchpad.net/mahara/+bug/1888163
CVE reference: CVE-2020-15907

Link CVE number above to https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15907