Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2011 SecPodOPENVAS:901199
HistoryApr 01, 2011 - 12:00 a.m.

Mahara Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

2011-04-0100:00:00
Copyright (C) 2011 SecPod
plugins.openvas.org
5

0.003 Low

EPSS

Percentile

67.3%

JSON

This host is running Mahara and is prone to cross site scripting
and cross site request forgery vulnerabilities.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_mahara_xss_n_csrf_vuln.nasl 7029 2017-08-31 11:51:40Z teissa $
#
# Mahara Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
#
# Authors:
# Sooraj KS <[email protected]>
#
# Copyright:
# Copyright (c) 2011 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation will allow attackers to execute arbitrary web
  script or HTML in a user's browser session in the context of an affected
  site.
  Impact Level: Application";
tag_affected = "Mahara versions 1.2.x before 1.2.7 and 1.3.x before 1.3.4";
tag_insight = "- The application allows users to perform certain actions via HTTP requests
    without performing any validity checks to verify the requests. This can
    be exploited to delete blog posts by tricking a logged in administrative
    user into visiting a malicious web site.
  - Certain input passed via Pieform select box options is not properly
    sanitised before being displayed to the user. This can be exploited to
    insert arbitrary HTML and script code.";
tag_solution = "Upgrade to Mahara version 1.2.7 or 1.3.4.
  For updates refer to http://mahara.org/";
tag_summary = "This host is running Mahara and is prone to cross site scripting
  and cross site request forgery vulnerabilities.";

if(description)
{
  script_id(901199);
  script_version("$Revision: 7029 $");
  script_tag(name:"last_modification", value:"$Date: 2017-08-31 13:51:40 +0200 (Thu, 31 Aug 2017) $");
  script_tag(name:"creation_date", value:"2011-04-01 15:39:52 +0200 (Fri, 01 Apr 2011)");
  script_bugtraq_id(47033);
  script_cve_id("CVE-2011-0439", "CVE-2011-0440");
  script_tag(name:"cvss_base", value:"5.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_name("Mahara Cross Site Scripting and Cross Site Request Forgery Vulnerabilities");
  script_xref(name : "URL" , value : "http://secunia.com/advisories/43858");
  script_xref(name : "URL" , value : "http://mahara.org/interaction/forum/topic.php?id=3205");
  script_xref(name : "URL" , value : "http://mahara.org/interaction/forum/topic.php?id=3206");
  script_xref(name : "URL" , value : "http://mahara.org/interaction/forum/topic.php?id=3208");

  script_tag(name:"qod_type", value:"remote_banner");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 SecPod");
  script_family("Web application abuses");
  script_dependencies("secpod_mahara_detect.nasl");
  script_require_ports("Services/www", 80);
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  exit(0);
}


include("http_func.inc");
include("version_func.inc");

## Get HTTP Port
port = get_http_port(default:80);
if(!port){
  exit(0);
}

## Check Host Supports PHP
if(!can_host_php(port:port)){
  exit(0);
}

## Get Mahara version from KB
if(vers = get_version_from_kb(port:port,app:"Mahara"))
{
  if(version_in_range(version:vers, test_version:"1.3.0", test_version2:"1.3.3") ||
     version_in_range(version:vers, test_version:"1.2.0", test_version2:"1.2.6"))
  {
    security_message(port:port);
    exit(0);
  }
}

Related

debian 1
openvas 3
nessus 1
osv 1
securityvulns 2
seebug 1
cve 2
ubuntucve 2
prion 2
cvelist 2
debian
debian
[SECURITY] [DSA 2206-1] New mahara packages fix several vulnerabilities
2011-03-29 22:07:25
openvas
openvas
Mahara Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
2011-04-01 00:00:00
Debian Security Advisory DSA 2206-1 (mahara)
2011-05-12 00:00:00
Debian: Security Advisory (DSA-2206-1)
2011-05-12 00:00:00
nessus
nessus
Debian DSA-2206-1 : mahara - several vulnerabilities
2011-03-30 00:00:00
osv
osv
mahara - several
2011-03-29 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2206-1] New mahara packages fix several vulnerabilities
2011-03-31 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2011-03-31 00:00:00
seebug
seebug
Maharaθ·¨η«™θ„šζœ¬ε’Œθ·¨η«™θ―·ζ±‚δΌͺι€ ζΌζ΄ž
2011-03-29 00:00:00
cve
cve
CVE-2011-0439
2011-03-28 16:55:00
CVE-2011-0440
2011-03-28 16:55:00
ubuntucve
ubuntucve
CVE-2011-0439
2011-03-28 00:00:00
CVE-2011-0440
2011-03-28 00:00:00
prion
prion
Cross site scripting
2011-03-28 16:55:00
Cross site request forgery (csrf)
2011-03-28 16:55:00
cvelist
cvelist
CVE-2011-0439
2011-03-28 16:00:00
CVE-2011-0440
2011-03-28 16:00:00

0.003 Low

EPSS

Percentile

67.3%

JSON
Related for OPENVAS:901199
debian1openvas3nessus1osv1securityvulns2seebug1cve2ubuntucve2prion2cvelist2