VYPR
Medium severity 5.4 · OSV Advisory · Published Feb 20, 2018 · Updated Jun 17, 2026

CVE-2017-17454

Description

Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 have a cross-site scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These characters are now discarded in Mahara, along with NULL characters and invalid Unicode characters. Mahara also avoids direct $_GET and $_POST usage where possible, and instead uses param_exists() and the correct param_*() function to fetch the expected value.

Affected products

2
  • 16.10.0_RELEASE, 16.10.1_RELEASE, 16.10.2_RELEASE, …+ 1 more
    • (no CPE) range: 16.10.0_RELEASE, 16.10.1_RELEASE, 16.10.2_RELEASE, …
    • (no CPE) range: <16.10.7, <17.04.5, <17.10.2
