Page 9 of 47 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0

Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en el resume blocktype en Mahara anterior a v1.0.13, y v1.1.x anterior a v1.1.7, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elección a través de vectores no especificados. • http://eduforge.org/frs/shownotes.php?release_id=546 http://eduforge.org/frs/shownotes.php?release_id=547 http://mahara.org/interaction/forum/topic.php?id=1170 http://secunia.com/advisories/37217 http://secunia.com/advisories/37218 http://www.debian.org/security/2009/dsa-1924 http://www.osvdb.org/59583 http://www.securityfocus.com/bid/36892 http://www.vupen.com/english/advisories/2009/3101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0

Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact. Mahara v1.1 antes de v1.1.5 no realiza comprobaciones de permisos al guardar una vista que contiene objetos, lo que permite a los usuarios remotos autenticados leer el objeto de otro usuario. • http://mahara.org/interaction/forum/topic.php?id=753 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en Mahara v1.0 antes de v1.0.12 y v1.1 antes de v1.1.5 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través de vectores desconocidos. • http://mahara.org/interaction/forum/topic.php?id=752 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Mahara la v1.0.x anteriores a v1.0.11 y la v1.1.x anteriores a v1.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a través (1) el campo "introduction" en el perfil de usuario o (2) un bloque de texto arbitrario en la vista de usuario. • http://mahara.org/interaction/forum/topic.php?id=532 http://osvdb.org/53891 http://osvdb.org/53892 http://secunia.com/advisories/34789 http://secunia.com/advisories/34871 http://www.debian.org/security/2009/dsa-1778 http://www.securityfocus.com/bid/34677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Mahara v1.0 anterior a v1.0.10 y v1.1 anterior a v1.1.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) profile y (2) blog. Vulnerabilidad distinta de CVE-2009-0487. • http://mahara.org/interaction/forum/topic.php?id=350 http://secunia.com/advisories/34222 http://secunia.com/advisories/34231 http://wiki.mahara.org/Release_Notes/1.1.2 http://www.debian.org/security/2009/dsa-1736 http://www.securityfocus.com/bid/34064 http://www.vupen.com/english/advisories/2009/0665 https://exchange.xforce.ibmcloud.com/vulnerabilities/49168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •