It was discovered that mahara, an electronic portfolio, weblog, and
resume builder, is prone to cross-site scripting attacks, which allows
the injection of arbitrary Java or HTML code.
The oldstable distribution (etch) does not contain mahara.
For the stable distribution (lenny), this problem has been fixed in
version 1.0.4-4+lenny1.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your mahara package.