CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0CVE-2009-2170
https://notcve.org/view.php?id=CVE-2009-2170
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en Mahara v1.0 antes de v1.0.12 y v1.1 antes de v1.1.5 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través de vectores desconocidos. • http://mahara.org/interaction/forum/topic.php?id=752 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2009-0664
https://notcve.org/view.php?id=CVE-2009-0664
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Mahara la v1.0.x anteriores a v1.0.11 y la v1.1.x anteriores a v1.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a través (1) el campo "introduction" en el perfil de usuario o (2) un bloque de texto arbitrario en la vista de usuario. • http://mahara.org/interaction/forum/topic.php?id=532 http://osvdb.org/53891 http://osvdb.org/53892 http://secunia.com/advisories/34789 http://secunia.com/advisories/34871 http://www.debian.org/security/2009/dsa-1778 http://www.securityfocus.com/bid/34677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 1CVE-2009-0660
https://notcve.org/view.php?id=CVE-2009-0660
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Mahara v1.0 anterior a v1.0.10 y v1.1 anterior a v1.1.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) profile y (2) blog. Vulnerabilidad distinta de CVE-2009-0487. • http://mahara.org/interaction/forum/topic.php?id=350 http://secunia.com/advisories/34222 http://secunia.com/advisories/34231 http://wiki.mahara.org/Release_Notes/1.1.2 http://www.debian.org/security/2009/dsa-1736 http://www.securityfocus.com/bid/34064 http://www.vupen.com/english/advisories/2009/0665 https://exchange.xforce.ibmcloud.com/vulnerabilities/49168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2009-0487
https://notcve.org/view.php?id=CVE-2009-0487
Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mahara anterior a v1.0.9, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de un mensaje manipulado en el foro. • http://mahara.org/interaction/forum/topic.php?id=198 http://secunia.com/advisories/33813 http://www.securityfocus.com/bid/33619 https://exchange.xforce.ibmcloud.com/vulnerabilities/48518 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0381
https://notcve.org/view.php?id=CVE-2008-0381
Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files. Vulnerabilidad no especificada en Mahara anterior a 0.9.1 tiene un impacto desconocido y vectores de ataque remotos, probablemente relacionado con secuencias de comandos en sitios cruzados (XSS) en actualizaciones de archivos. • http://secunia.com/advisories/28484 http://www.securityfocus.com/bid/27348 https://eduforge.org/frs/shownotes.php?release_id=342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •