CVE-2017-1000140
CVSS 5.4 - MEDIUM
Description
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file.
Affected Products
21| Vendor | Product | Version |
|---|---|---|
| mahara | mahara |
1.8
|
| mahara | mahara |
1.8
|
| mahara | mahara |
1.8.0
|
| mahara | mahara |
1.8.1
|
| mahara | mahara |
1.8.2
|
| mahara | mahara |
1.8.3
|
| mahara | mahara |
1.8.4
|
| mahara | mahara |
1.8.5
|
| mahara | mahara |
1.8.6
|
| mahara | mahara |
1.9
|
| mahara | mahara |
1.9.0
|
| mahara | mahara |
1.9.1
|
| mahara | mahara |
1.9.2
|
| mahara | mahara |
1.9.3
|
| mahara | mahara |
1.9.4
|
| mahara | mahara |
1.10
|
| mahara | mahara |
1.10.0
|
| mahara | mahara |
1.10.1
|
| mahara | mahara |
1.10.2
|
| mahara | mahara |
15.04
|
| mahara | mahara |
15.04
|
References
Weakness Types
CWE-79
CVE Information
- CVE ID:
CVE-2017-1000140- Published:
- 2017-11-03
- Modified:
- 2026-05-13
- CVSS Score:
- 5.4
- Severity:
- MEDIUM
- Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Vendors
mahara
Quick Actions
CVSS Severity Scale
0.0 - 3.9
LOW
4.0 - 6.9
MEDIUM
7.0 - 8.9
HIGH
9.0 - 10.0
CRITICAL