CVE-2010-1667
https://notcve.org/view.php?id=CVE-2010-1667
Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Mahara anterior a v1.0.15, v1.1.x anterior a v1.1.9, y v1.2.x anterior a v1.2.5 permite a los atacantes remotos inyectar código web o HTML a su elección a través de vectores no especificados. • http://secunia.com/advisories/40431 http://wiki.mahara.org/Release_Notes/1.0.15 http://wiki.mahara.org/Release_Notes/1.1.9 http://wiki.mahara.org/Release_Notes/1.2.5 http://www.securityfocus.com/bid/41319 https://exchange.xforce.ibmcloud.com/vulnerabilities/59993 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-3298
https://notcve.org/view.php?id=CVE-2009-3298
Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors. Mahara anterior a v1.0.13, y v1.1.x anterior a v1.1.7, permite a administradores "institution" autenticados remotamente restablecer las contraseñas de los administradores del sitio web a través de vectores no especificados. • http://eduforge.org/frs/shownotes.php?release_id=546 http://eduforge.org/frs/shownotes.php?release_id=547 http://mahara.org/interaction/forum/topic.php?id=1169 http://secunia.com/advisories/37217 http://secunia.com/advisories/37218 http://www.debian.org/security/2009/dsa-1924 http://www.osvdb.org/59584 http://www.securityfocus.com/bid/36893 http://www.vupen.com/english/advisories/2009/3101 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-3299
https://notcve.org/view.php?id=CVE-2009-3299
Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en el resume blocktype en Mahara anterior a v1.0.13, y v1.1.x anterior a v1.1.7, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elección a través de vectores no especificados. • http://eduforge.org/frs/shownotes.php?release_id=546 http://eduforge.org/frs/shownotes.php?release_id=547 http://mahara.org/interaction/forum/topic.php?id=1170 http://secunia.com/advisories/37217 http://secunia.com/advisories/37218 http://www.debian.org/security/2009/dsa-1924 http://www.osvdb.org/59583 http://www.securityfocus.com/bid/36892 http://www.vupen.com/english/advisories/2009/3101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-0487
https://notcve.org/view.php?id=CVE-2009-0487
Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mahara anterior a v1.0.9, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de un mensaje manipulado en el foro. • http://mahara.org/interaction/forum/topic.php?id=198 http://secunia.com/advisories/33813 http://www.securityfocus.com/bid/33619 https://exchange.xforce.ibmcloud.com/vulnerabilities/48518 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-0381
https://notcve.org/view.php?id=CVE-2008-0381
Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files. Vulnerabilidad no especificada en Mahara anterior a 0.9.1 tiene un impacto desconocido y vectores de ataque remotos, probablemente relacionado con secuencias de comandos en sitios cruzados (XSS) en actualizaciones de archivos. • http://secunia.com/advisories/28484 http://www.securityfocus.com/bid/27348 https://eduforge.org/frs/shownotes.php?release_id=342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •