Summary
Mahara is prone to a security-bypass vulnerability and to a cross-site scripting vulnerability.
An attacker can exploit this issue to reset the application's administrator password or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
Versions prior to Mahara 1.0.13 and 1.1.7 are affected.
Solution
The vendor has released updates. Please see the references for details.
References
Severity
CVSS Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Classification
CVE: CVE-2009-3298, CVE-2009-3299