Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open())
References
Link | Resource |
---|---|
https://bugs.launchpad.net/mahara/+bug/1558361 | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2017-11-03 11:29
Updated : 2017-11-15 06:13
NVD link : CVE-2017-1000149
Mitre link : CVE-2017-1000149
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
mahara
- mahara