Forums | Mahara Community

Cross-site Scripting Vulnerability <1.5.9, <1.6.4

Aaron Wells

15 April 2013, 18:18

Stored XSS vulnerability in Mahara's usage of TinyMCE editor

Category: Cross-site Scripting
Severity: High
Versions affected: < 1.6.4, < 1.5.9
Reported by: Ahmad Ashraff, Siddhesh Gawde
Identifier: CVE-2013-1426
Bug report:

A high security cross-site scripting vulnerability was discovered. The vulnerability has been fixed by the Mahara core developers.

Upgrading to Mahara 1.5.9 or 1.6.4 is strongly recommended.

Download links for fixed versions:
