DSA-2206-1 mahara -- several
ID: oval:org.secpod.oval:def:600558 | Date: (C)2011-09-14 (M)2022-10-10 |
Class: PATCH | Family: unix |
Two security vulnerabilities have been discovered in Mahara, a fully featured electronic portfolio, weblog, resume builder and social networking system:

CVE-2011-0439: A security review commissioned by a Mahara user discovered that Mahara processes unsanitized input, which can lead to cross-site scripting.

CVE-2011-0440: Mahara developers discovered that Mahara doesn't check the session key under certain circumstances, which can be exploited as cross-site request forgery and can lead to the deletion of blogs.
Platform: |
Debian 5.0 |
Debian 6.0 |