OVAL

DSA-2206-1 mahara -- several

ID: oval:org.secpod.oval:def:600558
Date: (C)2011-09-14   (M)2022-10-10
Class: PATCH
Family: unix




Two security vulnerabilities have been discovered in Mahara, a fully featured electronic portfolio, weblog, resume builder and social networking system:

CVE-2011-0439
A security review commissioned by a Mahara user discovered that Mahara processes unsanitized input which can lead to cross-site scripting.

CVE-2011-0440
Mahara Developers discovered that Mahara doesn't check the session key under certain circumstances which can be exploited as cross-site request forgery and can lead to the deletion of blogs.

Platform:
Debian 5.0
Debian 6.0
Product:
mahara
Reference:
DSA-2206-1
CVE-2011-0439
CVE-2011-0440
CVE    2
CVE-2011-0439
CVE-2011-0440
CPE    27
cpe:/a:mahara:mahara:1.2.0:alpha3
cpe:/a:mahara:mahara:1.2.0:alpha1
cpe:/a:mahara:mahara:1.2.0:alpha2
cpe:/a:mahara:mahara:1.3.0:rc1
...

© SecPod Technologies