DSA-1822 mahara -- insufficient input sanitization
|ID: oval:org.mitre.oval:def:7815|Date: (C)2009-12-15 (M)2017-11-18|
|Class: PATCH|Family: unix|
It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to several cross-site scripting attacks, which allow an attacker to inject arbitrary HTML or script code and steal potentially sensitive data from other users. The oldstable distribution (etch) does not contain mahara.