Forums | Mahara Community

Security Announcements /
Multiple Cross-site Scripting Vulnerabilities


This topic is closed. Only moderators and the group administrators can post new replies.
Hugh Davenport's profile picture
Posts: 48

10 October 2012, 12:16 PM

Multiple Cross-site Scripting Vulnerabilities

Category: Cross-site Scripting
Severity: Critical
Versions affected: < 1.4.5, < 1.5.4
Reported by: Mike Haworth, Ajay Singh Negi
Identifier: CVE-2012-2243
Bug report: https://bugs.launchpad.net/mahara/+bug/1055232, https://bugs.launchpad.net/mahara/+bug/1063480

As part of the now ended Mahara Security Bug Bounty Program, several cross-site scripting vulnerabilities were discovered. The vulnerabilities have been fixed by the Mahara core developers.

Upgrading to Mahara 1.4.5 or 1.5.4 is strongly recommended.

Download links for fixed versions:
    https://launchpad.net/mahara/+milestone/1.4.5 
    https://launchpad.net/mahara/+milestone/1.5.4

1 result