DSA-2334-1 mahara -- several
ID: oval:org.secpod.oval:def:600681 | Date: (C)2012-01-30 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder:

CVE-2011-2771: Teemu Vesala discovered that missing input sanitising of RSS feeds could lead to cross-site scripting.

CVE-2011-2772: Richard Mansfield discovered that insufficient upload restrictions allowed denial of service.

CVE-2011-2773: Richard Mansfield discovered that the management of institutions was prone to cross-site request forgery.

Andrew Nichols discovered a privilege escalation vulnerability in MNet handling.
Platform: |
Debian 5.0 |
Debian 6.0 |