Forums | Mahara Community

Security Announcements /
XSS in Mahara 1.0.10 and 1.1.2


This topic is closed. Only moderators and the group administrators can post new replies.

22 April 2009, 1:03 AM

Category:Cross-site scripting
Severity:Major
Versions affected:< 1.0.11, < 1.1.3
Reported by:Mahara Team
Identifier:CVE-2009-0664

Cross-site scripting vulnerabilities have been found in the "introduction" user profile field as well as in text blocks in user views.

Upgrading to Mahara 1.0.11 or 1.1.3 is strongly recommended for all sites.

1 result