{"id":"CVE-2017-1000137","details":"Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).","modified":"2026-07-08T12:05:13.070419Z","published":"2017-11-03T18:29:00.417Z","references":[{"type":"FIX","url":"https://bugs.launchpad.net/mahara/+bug/1375092"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/maharaproject/mahara","events":[{"introduced":"2f5c68b907e43feb45f419665d221d78510d6cce"},{"last_affected":"39ac3f76ea3981e204aca4f25a6d60bd988094f0"}],"database_specific":{"cpe":["cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*","cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*","cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*"],"extracted_events":[{"introduced":"1.10-rc1"},{"last_affected":"1.10-rc1"},{"introduced":"15.04-rc1"},{"last_affected":"15.04-rc1"},{"introduced":"15.04-rc2"},{"last_affected":"15.04-rc2"}],"source":"CPE_STRING"}}],"versions":["1.10-rc1","15.04-rc1","15.04-rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000137.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}