fkie_nvd - fkie_cve-2017-9551

fkie_cve-2017-9551

Vulnerability from fkie_nvd

Published

2017-09-25 16:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account.

References

URL	Tags
cve@mitre.org	https://bugs.launchpad.net/mahara/+bug/1697308	Issue Tracking, Third Party Advisory
cve@mitre.org	https://mahara.org/interaction/forum/topic.php?id=8040	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/mahara/+bug/1697308	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://mahara.org/interaction/forum/topic.php?id=8040	Vendor Advisory

Impacted products

Vendor	Product	Version
mahara	mahara	15.04
mahara	mahara	15.04
mahara	mahara	15.04.0
mahara	mahara	15.04.1
mahara	mahara	15.04.2
mahara	mahara	15.04.3
mahara	mahara	15.04.4
mahara	mahara	15.04.5
mahara	mahara	15.04.6
mahara	mahara	15.04.7
mahara	mahara	15.04.8
mahara	mahara	15.04.9
mahara	mahara	15.04.10
mahara	mahara	15.04.11
mahara	mahara	15.04.12
mahara	mahara	15.04.13
mahara	mahara	16.04
mahara	mahara	16.04
mahara	mahara	16.04.0
mahara	mahara	16.04.1
mahara	mahara	16.04.2
mahara	mahara	16.04.3
mahara	mahara	16.04.4
mahara	mahara	16.04.5
mahara	mahara	16.04.6
mahara	mahara	16.04.7
mahara	mahara	16.10
mahara	mahara	16.10
mahara	mahara	16.10.0
mahara	mahara	16.10.1
mahara	mahara	16.10.2
mahara	mahara	16.10.3
mahara	mahara	16.10.4
mahara	mahara	17.04
mahara	mahara	17.04
mahara	mahara	17.04.0
mahara	mahara	17.04.1
mahara	mahara	17.04.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2D2EDD-0072-45A5-9FF6-BF4616109DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ECDD170-7B22-4F4E-AF8C-BF7698A92FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5FF82A5-DF51-4719-9940-85A0E4AF4626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3605A76D-1C09-4998-B387-FE7BED77B2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0D2C52-AFA4-4C35-8D8A-76AB94292E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB396B0-459E-4C15-9813-980F35C4C44D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A96D5-CF12-470B-8ADE-183F09D57262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "76D70CE2-AEA2-47B0-83D6-3F8A6E949D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9BD9F88-E643-4CF5-A426-82B2D6133F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F2D3A9-81B1-42E3-AF72-FBA985C48650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D050E953-88B1-40F7-98A8-B6A026292B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "12CDBF96-CFA2-4941-A9D9-C618A2A1D08D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0C590A8C-43CB-4B22-9F33-FD8BB01DCF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1F4DF3D9-A46D-4933-84FB-8179651C5B3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D642FA0-D977-4157-B379-3BBA86D80D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D2BD22-57F7-4594-AE5F-426AA1D74BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5712D88-9218-4E7D-977C-07755D1B0D8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA26090-2ED4-453D-85AA-46ED4E00DFE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29F2B552-479F-4EEA-858B-2920E14BF5C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0E4968B1-0D09-4449-B2A8-22B8C4B4346D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68A1A68E-704F-49C9-B07A-23C1B69A0966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F30A3C-0BAA-45F8-A1D2-3FD8D381A1FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "262C2C07-CFDB-42A0-8896-758F1FF5BE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "265120A4-CD21-425B-9272-06EB68654A80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user\u0027s account."
    },
    {
      "lang": "es",
      "value": "Mahara en versiones 15.04 anteriores a la 15.04.14, 16.04 anteriores a la 16.04.8, 16.10 anteriores a la 16.10.5, 17.04 anteriores a la 17.04.3 es vulnerable a que un usuario env\u00ede una carga \u00fatil potencialmente peligrosa, como por ejemplo un c\u00f3digo XSS, que se vaya a guardar como su nombre en la tabla usr_registration. Los valores se env\u00edan por correo electr\u00f3nico a continuaci\u00f3n al usuario y administrador y, si se aceptan, formar\u00edan parte de la nueva cuenta de usuario."
    }
  ],
  "id": "CVE-2017-9551",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-25T16:29:00.507",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1697308"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1697308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8040"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2017-9551 (GCVE-0-2017-9551)

Vulnerability from cvelistv5

Published

2017-09-25 16:00

Modified

2024-08-05 17:11