Launchpad.net

CVE 2011-2771

Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed.

Related bugs and status

CVE-2011-2771 (Candidate) is related to these bugs:

Bug #798136: XSS in URI attributes in the externalfeed block

Summary				In	Importance	Status
	798136	XSS in URI attributes in the externalfeed block		Mahara	High	Fix Released
	798136	XSS in URI attributes in the externalfeed block		Mahara 1.3	High	Fix Released

Bug #888358: Several security updates for Mahara

		In	Importance	Status
888358	Several security updates for Mahara	mahara (Ubuntu)	High	Fix Released
888358	Several security updates for Mahara	mahara (Ubuntu Lucid)	High	Fix Released
888358	Several security updates for Mahara	mahara (Ubuntu Maverick)	High	Fix Released
888358	Several security updates for Mahara	mahara (Ubuntu Precise)	High	Fix Released
888358	Several security updates for Mahara	mahara (Ubuntu Oneiric)	High	Fix Released
888358	Several security updates for Mahara	mahara (Ubuntu Natty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-2771

Related bugs and status

Related bugs

References