DSA-2067 mahara -- several vulnerabilitiesID: oval:org.mitre.oval:def:11886 | Date: (C)2010-07-31 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in mahara, an electronic portfolio, weblog, and resume builder. The following Common Vulnerabilities and Exposures project ids identify them: Multiple pages performed insufficient input sanitising, making them vulnerable to cross-site scripting attacks. Multiple forms lacked protection against cross-site request forgery attacks, therefore making them vulnerable. Gregor Anzelj discovered that it was possible to accidentally configure an installation of mahara that allows access to another user"s account without a password. Certain Internet Explorer-specific cross-site scripting vulnerabilities were discovered in HTML Purifier, of which a copy is included in the mahara package.