{"id":"CVE-2017-1000138","details":"Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.","modified":"2026-04-10T03:54:36.181069Z","published":"2017-11-03T18:29:00.450Z","references":[{"type":"FIX","url":"https://bugs.launchpad.net/mahara/+bug/1377736"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/maharaproject/mahara","events":[{"introduced":"0"},{"last_affected":"2f5c68b907e43feb45f419665d221d78510d6cce"},{"introduced":"0"},{"last_affected":"48a238a2f76a7ea322580fe93b7c026becd9acce"},{"introduced":"0"},{"last_affected":"39ac3f76ea3981e204aca4f25a6d60bd988094f0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.10-rc1"},{"introduced":"0"},{"last_affected":"15.04-rc1"},{"introduced":"0"},{"last_affected":"15.04-rc2"}]}}],"versions":["1.0.0ALPHA1_RELEASE","1.0.0ALPHA2_RELEASE","1.0.0BETA2_RELEASE","1.1.0ALPHA1_RELEASE","1.1.0ALPHA2_RELEASE","1.1.0ALPHA3_RELEASE","1.1.0BETA2_RELEASE","1.1.0BETA4_RELEASE","1.10RC1_RELEASE","1.2.0ALPHA2_RELEASE","1.2.0ALPHA3_RELEASE","1.3.0BETA1_RELEASE","1.3.0BETA2_RELEASE","1.4.0ALPHA1_RELEASE","1.7RC1_RELEASE","1.8RC1_RELEASE","1.8RC2_RELEASE","15.04RC1_RELEASE","15.04RC2_RELEASE"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000138.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}