Forums | Mahara Community

Security Announcements /
Cross-site scripting bugs in Mahara 1.2.8 and 1.3.5


This topic is closed. Only moderators and the group administrators can post new replies.
François Marier's profile picture
Posts: 411

09 May 2011, 21:03

Category: Cross-site scripting
Severity: Medium
Versions affected: < 1.2.9, < 1.3.6
Reported by: Mahara Team
Identifier: CVE-2011-1405

Previous versions of Mahara did not escape the contents of HTML emails sent to users. Depending on the filters enabled in one's mail reader, it could lead to cross-site scripting attacks.

To protect your users, we recommend that you upgrade to the latest version or disable HTML emails for your site.

1 result