Forums | Mahara Community
Security issues relating to XSS <1.7.8, <1.8.5, <1.9.3
22 October 2014, 16:18
Institution display names were not always properly escaped, allowing for XSS by institution admins.
Skin descriptions were not properly escaped, allowing for XSS in sites that use page skins (a feature added in Mahara 1.8).
We strongly recommend that Mahara administrators in multi-institution sites, and/or sites that have page skins enabled, upgrade to the latest Mahara version: 1.7.8, 1.8.5, 1.9.3, or 1.10.0.
Download links for fixed versions:
[Update by Kristina to add CVE references]
Edits to this post:
- Kristina Hoeppner - 24 November 2014, 13:36