CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0CVE-2009-2170
https://notcve.org/view.php?id=CVE-2009-2170
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en Mahara v1.0 antes de v1.0.12 y v1.1 antes de v1.1.5 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través de vectores desconocidos. • http://mahara.org/interaction/forum/topic.php?id=752 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2009-0664
https://notcve.org/view.php?id=CVE-2009-0664
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Mahara la v1.0.x anteriores a v1.0.11 y la v1.1.x anteriores a v1.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a través (1) el campo "introduction" en el perfil de usuario o (2) un bloque de texto arbitrario en la vista de usuario. • http://mahara.org/interaction/forum/topic.php?id=532 http://osvdb.org/53891 http://osvdb.org/53892 http://secunia.com/advisories/34789 http://secunia.com/advisories/34871 http://www.debian.org/security/2009/dsa-1778 http://www.securityfocus.com/bid/34677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •