{"id":"CVE-2017-1000144","details":"Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages.","modified":"2026-04-10T03:54:35.750204Z","published":"2017-11-03T18:29:00.683Z","references":[{"type":"FIX","url":"https://bugs.launchpad.net/mahara/+bug/1447377"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/maharaproject/mahara","events":[{"introduced":"0"},{"last_affected":"91a483f6f5f2b9fb09bc33c4c98cea66581587cc"},{"introduced":"0"},{"last_affected":"ccbf63bbaf768784757dd8b7a6e3841eb55ad9cd"},{"introduced":"0"},{"last_affected":"01d7c8e0fa6ad9d06fd8de8f25dbc8e299373216"},{"introduced":"0"},{"last_affected":"5565883f64ce37a7e1313b91c2862e8b837101c4"},{"introduced":"0"},{"last_affected":"776a4bab9a37273823ef081fab1357d7c0cf91e8"},{"introduced":"0"},{"last_affected":"b0e585768829456eb7174936b533ccfcc024264c"},{"introduced":"0"},{"last_affected":"c7cbe04639e04d247b25bc535147d409b350c2e7"},{"introduced":"0"},{"last_affected":"2f5c68b907e43feb45f419665d221d78510d6cce"},{"introduced":"0"},{"last_affected":"f670d266749f243f82da7e707cad564a79a3dfe4"},{"introduced":"0"},{"last_affected":"51aa89acd91866bf1440acf3a8eb0b68774a1e14"},{"introduced":"0"},{"last_affected":"c055d23e1454d15bd96d8589da8687aa444e1bfb"},{"introduced":"0"},{"last_affected":"b6692ccbd0e71253b07a1653639a3161cf44e3d1"},{"introduced":"0"},{"last_affected":"48a238a2f76a7ea322580fe93b7c026becd9acce"},{"introduced":"0"},{"last_affected":"39ac3f76ea3981e204aca4f25a6d60bd988094f0"},{"introduced":"0"},{"last_affected":"9b217d5c0da7118a8c9d668794a3869d85276534"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.9-rc1"},{"introduced":"0"},{"last_affected":"1.9.0"},{"introduced":"0"},{"last_affected":"1.9.1"},{"introduced":"0"},{"last_affected":"1.9.2"},{"introduced":"0"},{"last_affected":"1.9.3"},{"introduced":"0"},{"last_affected":"1.9.4"},{"introduced":"0"},{"last_affected":"1.9.5"},{"introduced":"0"},{"last_affected":"1.10-rc1"},{"introduced":"0"},{"last_affected":"1.10.0"},{"introduced":"0"},{"last_affected":"1.10.1"},{"introduced":"0"},{"last_affected":"1.10.2"},{"introduced":"0"},{"last_affected":"1.10.3"},{"introduced":"0"},{"last_affected":"15.04-rc1"},{"introduced":"0"},{"last_affected":"15.04-rc2"},{"introduced":"0"},{"last_affected":"15.04.0"}]}}],"versions":["1.0.0ALPHA1_RELEASE","1.0.0ALPHA2_RELEASE","1.0.0BETA2_RELEASE","1.1.0ALPHA1_RELEASE","1.1.0ALPHA2_RELEASE","1.1.0ALPHA3_RELEASE","1.1.0BETA2_RELEASE","1.1.0BETA4_RELEASE","1.10.0_RELEASE","1.10.1_RELEASE","1.10.2_RELEASE","1.10.3_RELEASE","1.10RC1_RELEASE","1.2.0ALPHA2_RELEASE","1.2.0ALPHA3_RELEASE","1.3.0BETA1_RELEASE","1.3.0BETA2_RELEASE","1.4.0ALPHA1_RELEASE","1.7RC1_RELEASE","1.8RC1_RELEASE","1.8RC2_RELEASE","1.9.0_RELEASE","1.9.1_RELEASE","1.9.2_RELEASE","1.9.3_RELEASE","1.9.4_RELEASE","1.9.5_RELEASE","1.9RC1_RELEASE","15.04.0_RELEASE","15.04RC1_RELEASE","15.04RC2_RELEASE"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000144.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}]}