Summary
This host is running Mahara and is prone to cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of the affected site, or, via the CSRF issue, to perform actions such as deleting blog posts on behalf of a logged-in administrative user.
Impact Level: Application
Solution
Upgrade to Mahara version 1.2.7 or 1.3.4.
For updates refer to http://mahara.org/
Insight
- The application allows users to perform certain actions via HTTP requests without verifying that the request was intentionally issued by that user (cross-site request forgery). This can be exploited to delete blog posts by tricking a logged-in administrative user into visiting a malicious web site.
- Certain input passed via the options of a Pieform select box is not properly sanitised before being displayed to the user (cross-site scripting). This can be exploited to insert arbitrary HTML and script code.
Affected
Mahara versions 1.2.x before 1.2.7 and 1.3.x before 1.3.4
References
CVE: CVE-2011-0439, CVE-2011-0440
Severity
CVSS Base Score: 5.8
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P