{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-30T00:00:00", "descriptions": [{"lang": "en", "value": "Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-31T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/mahara/+bug/1719491"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14752", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.launchpad.net/mahara/+bug/1719491", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/mahara/+bug/1719491"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:34:39.986Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/mahara/+bug/1719491"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14752", "datePublished": "2017-10-31T18:00:00", "dateReserved": "2017-09-26T00:00:00", "dateUpdated": "2024-08-05T19:34:39.986Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*", "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*", "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*", "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*", "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*", "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*", "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*", "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*", "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*", "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*", "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.8:*:*:*:*:*:*:*", "matchCriteriaId": "EC2D2EDD-0072-45A5-9FF6-BF4616109DE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.9:*:*:*:*:*:*:*", "matchCriteriaId": "8ECDD170-7B22-4F4E-AF8C-BF7698A92FBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.10:*:*:*:*:*:*:*", "matchCriteriaId": "E5FF82A5-DF51-4719-9940-85A0E4AF4626", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.11:*:*:*:*:*:*:*", "matchCriteriaId": "3605A76D-1C09-4998-B387-FE7BED77B2B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.12:*:*:*:*:*:*:*", "matchCriteriaId": "DF0D2C52-AFA4-4C35-8D8A-76AB94292E4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.13:*:*:*:*:*:*:*", "matchCriteriaId": "9FB396B0-459E-4C15-9813-980F35C4C44D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:15.04.14:*:*:*:*:*:*:*", "matchCriteriaId": "F451AFC9-F666-4DB9-A72C-3A9B525F6C75", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*", "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*", "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*", "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*", "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB5A96D5-CF12-470B-8ADE-183F09D57262", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04.3:*:*:*:*:*:*:*", "matchCriteriaId": "76D70CE2-AEA2-47B0-83D6-3F8A6E949D7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04.4:*:*:*:*:*:*:*", "matchCriteriaId": "D9BD9F88-E643-4CF5-A426-82B2D6133F7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04.5:*:*:*:*:*:*:*", "matchCriteriaId": "77F2D3A9-81B1-42E3-AF72-FBA985C48650", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04.6:*:*:*:*:*:*:*", "matchCriteriaId": "D050E953-88B1-40F7-98A8-B6A026292B2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04.7:*:*:*:*:*:*:*", "matchCriteriaId": "12CDBF96-CFA2-4941-A9D9-C618A2A1D08D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.04.8:*:*:*:*:*:*:*", "matchCriteriaId": "5065A264-DB58-4A3F-984D-D3B45195F4B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mahara:mahara:16.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "0C590A8C-43CB-4B22-9F33-FD8BB01DCF5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "1F4DF3D9-A46D-4933-84FB-8179651C5B3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D642FA0-D977-4157-B379-3BBA86D80D99", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "57D2BD22-57F7-4594-AE5F-426AA1D74BFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "C5712D88-9218-4E7D-977C-07755D1B0D8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "4EA26090-2ED4-453D-85AA-46ED4E00DFE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "29F2B552-479F-4EEA-858B-2920E14BF5C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:16.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "65F7A0FD-5C12-4A49-B5FE-E8C8C88C2496", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mahara:mahara:17.04:rc1:*:*:*:*:*:*", "matchCriteriaId": "0E4968B1-0D09-4449-B2A8-22B8C4B4346D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:17.04:rc2:*:*:*:*:*:*", "matchCriteriaId": "68A1A68E-704F-49C9-B07A-23C1B69A0966", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:17.04.0:*:*:*:*:*:*:*", "matchCriteriaId": "26F30A3C-0BAA-45F8-A1D2-3FD8D381A1FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:17.04.1:*:*:*:*:*:*:*", "matchCriteriaId": "262C2C07-CFDB-42A0-8896-758F1FF5BE93", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:17.04.2:*:*:*:*:*:*:*", "matchCriteriaId": "265120A4-CD21-425B-9272-06EB68654A80", "vulnerable": true}, {"criteria": "cpe:2.3:a:mahara:mahara:17.04.3:*:*:*:*:*:*:*", "matchCriteriaId": "AEC2D1CB-72FA-445B-BDF2-88ED633B19D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara."}, {"lang": "es", "value": "Mahara, en versiones 15.04 anteriores a la 15.04.15, versiones 16.04 anteriores a la 16.04.9, versiones 16.10 anteriores a la 16.10.6 y versiones 17.04 anteriores a la 17.04.4, es vulnerable a que un usuario env\u00ede un payload potencialmente peligroso (por ejemplo, c\u00f3digo XSS) para que se guarde como su nombre, apellido o el nombre para mostrar en los campos de perfil. Esto puede dar lugar a problemas como el escalado de privilegios o a la ejecuci\u00f3n desconocida de c\u00f3digo malicioso cuando se responde a mensajes en Mahara."}], "id": "CVE-2017-14752", "lastModified": "2017-11-13T16:15:28.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-31T18:29:00.313", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/mahara/+bug/1719491"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}