
CVSS: 5.0 | EPSS: 1% | CPEs: 72 | EXPL: 0

The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image.

References:
http://secunia.com/advisories/46719
http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz
http://www.debian.org/security/2011/dsa-2334
https://bugs.launchpad.net/mahara/+bug/784978
https://launchpad.net/mahara/+milestone/1.4.1

CWE-20: Improper Input Validation

CVSS: 4.3 | EPSS: 0% | CPEs: 72 | EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed.

References:
http://secunia.com/advisories/46719
http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz
http://www.debian.org/security/2011/dsa-2334
https://bugs.launchpad.net/mahara/+bug/798136
https://launchpad.net/mahara/+milestone/1.4.1

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')