4.3

CVE-2009-3299

Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MaharaMahara Version <= 1.0.12
MaharaMahara Version1.0.4
MaharaMahara Version1.0.7
MaharaMahara Version1.0.10
MaharaMahara Version1.0.11
MaharaMahara Version1.1.0
MaharaMahara Version1.1.0 Updatealpha1
MaharaMahara Version1.1.0 Updatealpha2
MaharaMahara Version1.1.0 Updatealpha3
MaharaMahara Version1.1.0 Updatebeta1
MaharaMahara Version1.1.0 Updatebeta2
MaharaMahara Version1.1.0 Updatebeta3
MaharaMahara Version1.1.0 Updatebeta4
MaharaMahara Version1.1.0 Updaterc1
MaharaMahara Version1.1.0 Updaterc2
MaharaMahara Version1.1.1
MaharaMahara Version1.1.2
MaharaMahara Version1.1.3
MaharaMahara Version1.1.4
MaharaMahara Version1.1.5
MaharaMahara Version1.1.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.27% 0.807
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://eduforge.org/frs/shownotes.php?release_id=546
Patch
http://eduforge.org/frs/shownotes.php?release_id=547
http://secunia.com/advisories/37217
Vendor Advisory
http://secunia.com/advisories/37218
Vendor Advisory
http://www.debian.org/security/2009/dsa-1924
http://www.vupen.com/english/advisories/2009/3101
Patch
Vendor Advisory
http://mahara.org/interaction/forum/topic.php?id=1170
http://www.osvdb.org/59583
http://www.securityfocus.com/bid/36892
Patch