Forums | Mahara Community
XSS in HTML Purifier 4.0 and earlier
02 July 2010, 0:10
|Versions affected:||< 1.0.15, < 1.1.9, < 1.2.5|
|Reported by:||HTML Purifier project|
The copy of HTML Purifier bundled with Mahara is vulnerable to certain cross-site scripting attacks on Internet Explorer only. All supported versions of Mahara now have an updated copy of HTML Purifier.
Upgrading to Mahara 1.0.15, 1.1.9 or 1.2.5 is recommended for all sites likely to serve Internet Explorer users.