CVE-2011-2771

Exploit

EPSS 0.3%
Published 15.11.2011 03:57:55
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Mahara ≫ Mahara Version <= 1.4.0

Mahara ≫ Mahara Version0.9.0

Mahara ≫ Mahara Version0.9.1

Mahara ≫ Mahara Version0.9.2

Mahara ≫ Mahara Version1.0.0

Mahara ≫ Mahara Version1.0.1

Mahara ≫ Mahara Version1.0.2

Mahara ≫ Mahara Version1.0.3

Mahara ≫ Mahara Version1.0.4

Mahara ≫ Mahara Version1.0.5

Mahara ≫ Mahara Version1.0.6

Mahara ≫ Mahara Version1.0.7

Mahara ≫ Mahara Version1.0.8

Mahara ≫ Mahara Version1.0.9

Mahara ≫ Mahara Version1.0.10

Mahara ≫ Mahara Version1.0.11

Mahara ≫ Mahara Version1.0.12

Mahara ≫ Mahara Version1.0.13

Mahara ≫ Mahara Version1.0.14

Mahara ≫ Mahara Version1.0.15

Mahara ≫ Mahara Version1.1

Mahara ≫ Mahara Version1.1.0

Mahara ≫ Mahara Version1.1.0 Updatealpha1

Mahara ≫ Mahara Version1.1.0 Updatealpha2

Mahara ≫ Mahara Version1.1.0 Updatealpha3

Mahara ≫ Mahara Version1.1.0 Updatebeta1

Mahara ≫ Mahara Version1.1.0 Updatebeta2

Mahara ≫ Mahara Version1.1.0 Updatebeta3

Mahara ≫ Mahara Version1.1.0 Updatebeta4

Mahara ≫ Mahara Version1.1.0 Updaterc1

Mahara ≫ Mahara Version1.1.0 Updaterc2

Mahara ≫ Mahara Version1.1.1

Mahara ≫ Mahara Version1.1.2

Mahara ≫ Mahara Version1.1.3

Mahara ≫ Mahara Version1.1.4

Mahara ≫ Mahara Version1.1.5

Mahara ≫ Mahara Version1.1.6

Mahara ≫ Mahara Version1.1.7

Mahara ≫ Mahara Version1.1.8

Mahara ≫ Mahara Version1.1.9

Mahara ≫ Mahara Version1.2.0

Mahara ≫ Mahara Version1.2.0 Updatealpha1

Mahara ≫ Mahara Version1.2.0 Updatealpha2

Mahara ≫ Mahara Version1.2.0 Updatealpha3

Mahara ≫ Mahara Version1.2.0 Updatebeta1

Mahara ≫ Mahara Version1.2.0 Updatebeta2

Mahara ≫ Mahara Version1.2.0 Updatebeta3

Mahara ≫ Mahara Version1.2.0 Updatebeta4

Mahara ≫ Mahara Version1.2.0 Updaterc1

Mahara ≫ Mahara Version1.2.1

Mahara ≫ Mahara Version1.2.2

Mahara ≫ Mahara Version1.2.3

Mahara ≫ Mahara Version1.2.4

Mahara ≫ Mahara Version1.2.5

Mahara ≫ Mahara Version1.2.6

Mahara ≫ Mahara Version1.3.0

Mahara ≫ Mahara Version1.3.0 Updatebeta1

Mahara ≫ Mahara Version1.3.0 Updatebeta2

Mahara ≫ Mahara Version1.3.0 Updatebeta3

Mahara ≫ Mahara Version1.3.0 Updatebeta4

Mahara ≫ Mahara Version1.3.0 Updaterc1

Mahara ≫ Mahara Version1.3.1

Mahara ≫ Mahara Version1.3.2

Mahara ≫ Mahara Version1.3.3

Mahara ≫ Mahara Version1.3.4

Mahara ≫ Mahara Version1.3.5

Mahara ≫ Mahara Version1.3.6

Mahara ≫ Mahara Version1.3.7

Mahara ≫ Mahara Version1.4 Updaterc1

Mahara ≫ Mahara Version1.4 Updaterc2

Mahara ≫ Mahara Version1.4 Updaterc3

Mahara ≫ Mahara Version1.4 Updaterc4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.498

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/46719

Vendor Advisory

http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz

http://www.debian.org/security/2011/dsa-2334

https://bugs.launchpad.net/mahara/+bug/798136

Patch

Exploit

https://launchpad.net/mahara/+milestone/1.4.1

Patch

https://nvd.nist.gov/vuln/detail/CVE-2011-2771

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2771

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2771

EUVD