Page 9 of 46 results (0.012 seconds)

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0

Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact. Mahara v1.1 antes de v1.1.5 no realiza comprobaciones de permisos al guardar una vista que contiene objetos, lo que permite a los usuarios remotos autenticados leer el objeto de otro usuario. • http://mahara.org/interaction/forum/topic.php?id=753 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en Mahara v1.0 antes de v1.0.12 y v1.1 antes de v1.1.5 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través de vectores desconocidos. • http://mahara.org/interaction/forum/topic.php?id=752 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Mahara la v1.0.x anteriores a v1.0.11 y la v1.1.x anteriores a v1.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a través (1) el campo "introduction" en el perfil de usuario o (2) un bloque de texto arbitrario en la vista de usuario. • http://mahara.org/interaction/forum/topic.php?id=532 http://osvdb.org/53891 http://osvdb.org/53892 http://secunia.com/advisories/34789 http://secunia.com/advisories/34871 http://www.debian.org/security/2009/dsa-1778 http://www.securityfocus.com/bid/34677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Mahara v1.0 anterior a v1.0.10 y v1.1 anterior a v1.1.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) profile y (2) blog. Vulnerabilidad distinta de CVE-2009-0487. • http://mahara.org/interaction/forum/topic.php?id=350 http://secunia.com/advisories/34222 http://secunia.com/advisories/34231 http://wiki.mahara.org/Release_Notes/1.1.2 http://www.debian.org/security/2009/dsa-1736 http://www.securityfocus.com/bid/34064 http://www.vupen.com/english/advisories/2009/0665 https://exchange.xforce.ibmcloud.com/vulnerabilities/49168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mahara anterior a v1.0.9, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de un mensaje manipulado en el foro. • http://mahara.org/interaction/forum/topic.php?id=198 http://secunia.com/advisories/33813 http://www.securityfocus.com/bid/33619 https://exchange.xforce.ibmcloud.com/vulnerabilities/48518 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •