Page 8 of 47 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 127EXPL: 0

Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en HTML Purifier anterior v4.1.1, como el usado en Mahara y otros productos, cuando el navegador es Internet Explorer, permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores no especificados. • http://htmlpurifier.org/news/2010/0531-4.1.1-released http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230 http://secunia.com/advisories/39613 http://secunia.com/advisories/40431 http://wiki.mahara.org/Release_Notes/1.0.15 http://wiki.mahara.org/Release_Notes/1.1.9 http://wiki.mahara.org/Release_Notes/1.2.5 http://www.securityfocus.com/bid/41259 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 49EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en Mahara anterior v1.0.15, v1.1.x anterior v1.1.9, y 1.2.x anteior v1.2.5 permite a atacantes remotos secuestar la autenticación de víctimas no especificadas a través de vectores desconocidos. • http://secunia.com/advisories/40431 http://wiki.mahara.org/Release_Notes/1.0.15 http://wiki.mahara.org/Release_Notes/1.1.9 http://wiki.mahara.org/Release_Notes/1.2.5 http://www.securityfocus.com/bid/41319 https://exchange.xforce.ibmcloud.com/vulnerabilities/59994 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Mahara anterior a v1.0.15, v1.1.x anterior a v1.1.9, y v1.2.x anterior a v1.2.5 permite a los atacantes remotos inyectar código web o HTML a su elección a través de vectores no especificados. • http://secunia.com/advisories/40431 http://wiki.mahara.org/Release_Notes/1.0.15 http://wiki.mahara.org/Release_Notes/1.1.9 http://wiki.mahara.org/Release_Notes/1.2.5 http://www.securityfocus.com/bid/41319 https://exchange.xforce.ibmcloud.com/vulnerabilities/59993 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username. Vulnerabilidad de inyección SQL en lib/user.php en mahara v1.0.4, permite a atacantes remotos ejecutar comandos SQL de su elección a través del "username". • http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny5.diff.gz http://www.debian.org/security/2010/dsa-2030 http://www.securityfocus.com/bid/39253 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 28EXPL: 0

Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors. Mahara anterior a v1.0.13, y v1.1.x anterior a v1.1.7, permite a administradores "institution" autenticados remotamente restablecer las contraseñas de los administradores del sitio web a través de vectores no especificados. • http://eduforge.org/frs/shownotes.php?release_id=546 http://eduforge.org/frs/shownotes.php?release_id=547 http://mahara.org/interaction/forum/topic.php?id=1169 http://secunia.com/advisories/37217 http://secunia.com/advisories/37218 http://www.debian.org/security/2009/dsa-1924 http://www.osvdb.org/59584 http://www.securityfocus.com/bid/36893 http://www.vupen.com/english/advisories/2009/3101 • CWE-264: Permissions, Privileges, and Access Controls •