Forums | Mahara Community
Security Announcements
/
Cross-site Scripting Vulnerability
This topic is closed. Only moderators and the group administrators can post new replies.
Account deleted
Posts: 48
09 October 2012, 23:17
Cross-site Scripting Vulnerability
Category: Cross-site Scripting
Severity: Critical
Versions affected: < 1.4.5, < 1.5.4
Reported by: Himansu Das
Identifier: CVE-2012-2247
Bug report: https://bugs.launchpad.net/mahara/+bug/1061980
As part of the now ended Mahara Security Bug Bounty Program, a critical cross-site scripting vulnerability was discovered. The vulnerability has been fixed by the Mahara core developers.
Upgrading to Mahara 1.4.5 or 1.5.4 is strongly recommended.
Download links for fixed versions:
https://launchpad.net/mahara/+milestone/1.4.5
https://launchpad.net/mahara/+milestone/1.5.4
1 result