Mahara Multiple Vulnerabilities Network Vulnerability

Summary

Mahara is prone to a security-bypass vulnerability and to a to a cross-site scripting vulnerability. An attacker can exploit this issue to reset the application's administrator password or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Versions prior to Mahara 1.0.13 and 1.1.7 are affected.

Solution

The vendor has released updates. Please see the references for details.

References

http://mahara.org/
http://mahara.org/interaction/forum/topic.php?id=1169
http://mahara.org/interaction/forum/topic.php?id=1170
http://wiki.mahara.org/Release_Notes/1.1.7
http://www.securityfocus.com/bid/36892
http://www.securityfocus.com/bid/36893

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3298, CVE-2009-3299

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability

Mahara Multiple vulnerabilities

Take action and discover your vulnerabilities