Launchpad.net

CVE 2011-0439

Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box.

Related bugs and status

CVE-2011-0439 (Candidate) is related to these bugs:

Bug #676336: Blogs get deleted without sesskey check

		In	Importance	Status
676336	Blogs get deleted without sesskey check	Mahara	High	Fix Released
676336	Blogs get deleted without sesskey check	Mahara 1.3	High	Fix Released
676336	Blogs get deleted without sesskey check	mahara (Ubuntu)	Medium	Fix Released
676336	Blogs get deleted without sesskey check	mahara (Ubuntu Lucid)	Undecided	Fix Released
676336	Blogs get deleted without sesskey check	mahara (Ubuntu Maverick)	Undecided	Fix Released
676336	Blogs get deleted without sesskey check	mahara (Ubuntu Natty)	Medium	Fix Released

Bug #710428: XSS in select box validation

		In	Importance	Status
710428	XSS in select box validation	Mahara	High	Fix Released
710428	XSS in select box validation	Mahara 1.2	High	Fix Released
710428	XSS in select box validation	Mahara 1.3	High	Fix Released
710428	XSS in select box validation	mahara (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-0439

Related bugs and status

Related bugs

References