Forums | Mahara Community

Multiple Cross-site Scripting Vulnerabilities in versions 1.4.2 and 1.5.1


Account deleted

31 July 2012, 1:45


Category: Cross-site scripting
Severity: High
Versions affected: < 1.4.3, < 1.5.2
Reported by: Emanuel Bronshtein
Identifier: CVE-2012-2237
Bug report: 1009784, 1009774, 1009777

As part of the Mahara Security Bug Bounty Program, several cross-site scripting vulnerabilities were identified in all supported versions of Mahara. The vulnerabilities have been fixed by the Mahara core developers.

Upgrading to Mahara 1.4.3 or 1.5.2 is strongly recommended for all sites.

Download links for fixed versions:

  https://launchpad.net/mahara/+milestone/1.4.3
  https://launchpad.net/mahara/+milestone/1.5.2

[edited to fix the CVE ID and add download links]

Edits to this post:
  • Account deleted 31 July 2012, 21:03
  • Account deleted 31 July 2012, 22:15