DSA-1924 mahara -- several vulnerabilitiesID: oval:org.mitre.oval:def:8182 | Date: (C)2009-12-15 (M)2021-09-11 |
Class: PATCH | Family: unix |
Two vulnerabilities have been discovered in mahara, an electronic portfolio, weblog, and resume builder. The Common Vulnerabilities and Exposures project identifies the following problems: Ruslan Kabalin discovered a issue with resetting passwords, which could lead to a privilege escalation of an institutional administrator account. Sven Vetsch discovered a cross-site scripting vulnerability via the resume fields.