Several vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder: CVE-2011-2771 Teemu Vesala discovered that missing input sanitising of RSS feeds could lead to cross-site scripting. CVE-2011-2772 Richard Mansfield discovered that insufficient upload restrictions allowed denial of service. CVE-2011-2773 Richard Mansfield that the management of institutions was prone to cross-site request forgery. Andrew Nichols discovered a privilege escalation vulnerability in MNet handling.