Forums | Mahara Community
Cross-site Scripting Vulnerability <1.5.9, <1.6.4
15 April 2013, 18:18
Stored XSS vulnerability in Mahara's usage of TinyMCE editor
Category: Cross-site Scripting
Versions affected: < 1.6.4, < 1.5.9
Reported by: Ahmad Ashraff, Siddhesh Gawde
Bug report: https://bugs.launchpad.net/mahara/+bug/1153423
A high security cross-site scripting vulnerability was discovered. The vulnerability has been fixed by the Mahara core developers.
Upgrading to Mahara 1.5.9 or 1.6.4 is strongly recommended.
Edits to this post:
- Aaron Wells - 19 April 2013, 12:03