Several vulnerabilities were discovered in mahara, an electronic portfolio, weblog, and resume builder. The following Common Vulnerabilities and Exposures project ids identify them: Multiple pages performed insufficient input sanitising, making them vulnerable to cross-site scripting attacks. Multiple forms lacked protection against cross-site request forgery attacks, therefore making them vulnerable. Gregor Anzelj discovered that it was possible to accidentally configure an installation of mahara that allows access to another user"s account without a password. Certain Internet Explorer-specific cross-site scripting vulnerabilities were discovered in HTML Purifier, of which a copy is included in the mahara package.