Forums | Mahara Community

Security Announcements /
XSS in Mahara 1.3.2


This topic is closed. Only moderators and the group administrators can post new replies.
François Marier's profile picture
Posts: 411

07 November 2010, 18:58

Category: Cross-site scripting
Severity: Medium
Versions affected: < 1.3.2
Reported by: HTML Purifier project
Identifier: CVE-2010-3871

A cross-site scripting vulnerability in the new group homepage views was identified by the Mahara team.

Upgrading to Mahara 1.3.3 is recommended for all sites running Mahara 1.3. Mahara 1.2 is not affected by this problem since this feature was added in 1.3.

1 result