Lucene search
GoogleOSV:DSA-2067-1HistoryJul 02, 2010 - 12:00 a.m.
mahara - several vulnerabilities
2010-07-0200:00:00
Google
osv.dev
8
0.007 Low
EPSS
Percentile
79.8%
Several vulnerabilities were discovered in mahara, an electronic portfolio,
weblog, and resume builder. The following Common Vulnerabilities and
Exposures project ids identify them:
- CVE-2010-1667
Multiple pages performed insufficient input sanitising, making them
vulnerable to cross-site scripting attacks. - CVE-2010-1668
Multiple forms lacked protection against cross-site request forgery
attacks, therefore making them vulnerable. - CVE-2010-1670
Gregor Anzelj discovered that it was possible to accidentally
configure an installation of mahara that allows access to another
user’s account without a password. - CVE-2010-2479
Certain Internet Explorer-specific cross-site scripting
vulnerabilities were discovered in HTML Purifier, of which a copy
is included in the mahara package.
For the stable distribution (lenny), the problems have been fixed in
version 1.0.4-4+lenny6.
For the testing distribution (squeeze), the problems will be fixed soon.
For the unstable distribution (sid), the problems have been fixed in
version 1.2.5.
We recommend that you upgrade your mahara packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mahara | eq | 1.0.4-4 | |
| mahara | eq | 1.0.4-4+lenny1 | |
| mahara | eq | 1.0.4-4+lenny2 | |
| mahara | eq | 1.0.4-4+lenny3 | |
| mahara | eq | 1.0.4-4+lenny4 | |
| mahara | eq | 1.0.4-4+lenny5 |
References
Related
openvas
openvas
Debian: Security Advisory (DSA-2067-1)
2023-03-08 00:00:00
Mahara Multiple Remote Vulnerabilities
2010-07-05 00:00:00
Mahara Multiple Remote Vulnerabilities
2010-07-05 00:00:00
nessus
nessus
Debian DSA-2067-1 : mahara - several vulnerabilities
2010-07-05 00:00:00
Fedora 14 : moodle-1.9.9-2.fc14 (2010-13396)
2010-08-24 00:00:00
Fedora 13 : moodle-1.9.9-2.fc13 (2010-13250)
2010-08-23 00:00:00
debian
debian
[SECURITY] [DSA-2067-1] New mahara packages fix several vulnerabilities
2010-07-02 16:16:39
prion
prion
Cross site request forgery (csrf)
2010-07-06 17:17:00
Cross site scripting
2010-07-06 17:17:00
Authentication flaw
2010-07-06 17:17:00
nvd
nvd
cve
cve
cvelist
cvelist
ubuntucve
ubuntucve
osv
osv
HTML Purifier Cross-site Scripting (XSS) vulnerability
2022-05-17 05:49:44
HTML Purifier cross-site scripting (XSS) vulnerability
2022-05-13 01:07:48
friendsofphp
friendsofphp
XSS vulnerability exploitable on Internet Explorer
2010-06-01 00:00:00
XSS vulnerability exploitable on Internet Explorer
2010-06-01 00:00:00
github
github
HTML Purifier Cross-site Scripting (XSS) vulnerability
2022-05-17 05:49:44
HTML Purifier cross-site scripting (XSS) vulnerability
2022-05-13 01:07:48
debiancve
debiancve
CVE-2010-2479
2010-07-06 17:17:14
CVE-2010-4183
2022-10-03 16:21:05
fedora
fedora
[SECURITY] Fedora 14 Update: moodle-1.9.9-2.fc14
2010-08-24 01:10:42
[SECURITY] Fedora 13 Update: moodle-1.9.9-2.fc13
2010-08-21 04:29:52
[SECURITY] Fedora 12 Update: moodle-1.9.9-2.fc12
2010-08-21 04:31:17