A cross-site scripting vulnerability of low severity was reported. It has been fixed by the Mahara core developers in the latest release. Upgrading is recommended.
Download links for fixed versions:
(Updated to add CVE reference)