Forums | Mahara Community

Security Announcements /
XSS in HTML Purifier 4.0 and earlier

This topic is closed. Only moderators and the group administrators can post new replies.

02 July 2010, 0:10

Category: Cross-site scripting
Severity: Low
Versions affected: < 1.0.15, < 1.1.9, < 1.2.5
Reported by: HTML Purifier project
Identifier: CVE-2010-2479

The copy of HTML Purifier bundled with Mahara is vulnerable to certain cross-site scripting attacks on Internet Explorer only. All supported versions of Mahara now have an updated copy of HTML Purifier.

Upgrading to Mahara 1.0.15, 1.1.9 or 1.2.5 is recommended for all sites likely to serve Internet Explorer users.

1 result