Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2017-1000146

Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.5%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2017-1000146
  • Mahara » Mahara » Version: 1.10
    cpe:2.3:a:mahara:mahara:1.10
  • Mahara » Mahara » Version: 1.10.0
    cpe:2.3:a:mahara:mahara:1.10.0
  • Mahara » Mahara » Version: 1.10.1
    cpe:2.3:a:mahara:mahara:1.10.1
  • Mahara » Mahara » Version: 1.10.2
    cpe:2.3:a:mahara:mahara:1.10.2
  • Mahara » Mahara » Version: 1.10.3
    cpe:2.3:a:mahara:mahara:1.10.3
  • Mahara » Mahara » Version: 1.10.4
    cpe:2.3:a:mahara:mahara:1.10.4
  • Mahara » Mahara » Version: 1.9
    cpe:2.3:a:mahara:mahara:1.9
  • Mahara » Mahara » Version: 1.9.0
    cpe:2.3:a:mahara:mahara:1.9.0
  • Mahara » Mahara » Version: 1.9.1
    cpe:2.3:a:mahara:mahara:1.9.1
  • Mahara » Mahara » Version: 1.9.2
    cpe:2.3:a:mahara:mahara:1.9.2
  • Mahara » Mahara » Version: 1.9.3
    cpe:2.3:a:mahara:mahara:1.9.3
  • Mahara » Mahara » Version: 1.9.4
    cpe:2.3:a:mahara:mahara:1.9.4
  • Mahara » Mahara » Version: 1.9.5
    cpe:2.3:a:mahara:mahara:1.9.5
  • Mahara » Mahara » Version: 1.9.6
    cpe:2.3:a:mahara:mahara:1.9.6
  • Mahara » Mahara » Version: 15.04
    cpe:2.3:a:mahara:mahara:15.04
  • Mahara » Mahara » Version: 15.04.0
    cpe:2.3:a:mahara:mahara:15.04.0
  • Mahara » Mahara » Version: 15.04.1
    cpe:2.3:a:mahara:mahara:15.04.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved