Summary
The remote host is missing an update to mahara
announced via advisory DSA 2540-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202540-1
Insight
Emanuel Bronshtein discovered that Mahara, an electronic portfolio, weblog, and resume builder, contains multiple cross-site scripting vulnerabilities due to missing sanitization and insufficient encoding of user-supplied data.
For the stable distribution (squeeze), these problems have been fixed in version 1.2.6-2+squeeze5.
For the testing distribution (wheezy), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 1.5.1-2.
We recommend that you upgrade your mahara packages.
Severity
Classification
-
CVE CVE-2012-2237 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities