Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2017-17454

Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters. Mahara will also avoid direct $_GET and $_POST usage where possible, and instead use param_exists() and the correct param_*() function to fetch the expected value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
Products affected by CVE-2017-17454
  • Mahara » Mahara » Version: 16.10.0
    cpe:2.3:a:mahara:mahara:16.10.0
  • Mahara » Mahara » Version: 16.10.1
    cpe:2.3:a:mahara:mahara:16.10.1
  • Mahara » Mahara » Version: 16.10.2
    cpe:2.3:a:mahara:mahara:16.10.2
  • Mahara » Mahara » Version: 16.10.3
    cpe:2.3:a:mahara:mahara:16.10.3
  • Mahara » Mahara » Version: 16.10.4
    cpe:2.3:a:mahara:mahara:16.10.4
  • Mahara » Mahara » Version: 16.10.5
    cpe:2.3:a:mahara:mahara:16.10.5
  • Mahara » Mahara » Version: 16.10.6
    cpe:2.3:a:mahara:mahara:16.10.6
  • Mahara » Mahara » Version: 17.04.0
    cpe:2.3:a:mahara:mahara:17.04.0
  • Mahara » Mahara » Version: 17.04.1
    cpe:2.3:a:mahara:mahara:17.04.1
  • Mahara » Mahara » Version: 17.04.2
    cpe:2.3:a:mahara:mahara:17.04.2
  • Mahara » Mahara » Version: 17.04.3
    cpe:2.3:a:mahara:mahara:17.04.3
  • Mahara » Mahara » Version: 17.04.4
    cpe:2.3:a:mahara:mahara:17.04.4
  • Mahara » Mahara » Version: 17.10.0
    cpe:2.3:a:mahara:mahara:17.10.0
  • Mahara » Mahara » Version: 17.10.1
    cpe:2.3:a:mahara:mahara:17.10.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved