Lucene search

GoogleOSV:DSA-1778-1

HistoryApr 22, 2009 - 12:00 a.m.

mahara - cross-site scripting

2009-04-2200:00:00

Google

osv.dev

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

It was discovered that mahara, an electronic portfolio, weblog, and
resume builder, is prone to cross-site scripting (XSS) attacks because
of missing input sanitization of the introduction text field in user
profiles and any text field in a user view.

The oldstable distribution (etch) does not contain mahara.

For the stable distribution (lenny), this problem has been fixed in
version 1.0.4-4+lenny2.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 1.1.3-1.

We recommend that you upgrade your mahara packages.

CPENameOperatorVersion
maharaeq1.0.4-4
maharaeq1.0.4-4+lenny1

CPE	Name	Operator	Version
	mahara	eq	1.0.4-4
	mahara	eq	1.0.4-4+lenny1

References

www.debian.org/security/2009/dsa-1778

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for OSV:DSA-1778-1