Forums | Mahara Community

Security Announcements /
Security issues in HTML Purifier external library in <1.6.9, <1.7.5, <1.8.2


This topic is closed. Only moderators and the group administrators can post new replies.
Aaron Wells's profile picture
Posts: 896

03 April 2014, 15:42

Mahara uses the external HTML Purifier library to protect against HTML injection attacks. HTML Purifier has released a new version, 4.6.0, which patches vulnerabilities in previous versions of the library.

Category: Injection
Severity: Medium
Versions Affected: <1.6.9, <1.7.5, <1.8.2
Reported by: Aaron Wells
Bug report: https://bugs.launchpad.net/mahara/+bug/1266976
CVE reference: CVE-2013-7414

We strongly recommend that all Mahara administrators upgrade to the latest version: 1.6.9, 1.7.5, or 1.8.2

Download links for fixed version:

[Update by Kristina for adding CVE reference]

Edits to this post:
1 result