mahara: insufficient input sanitization
| Package(s): | mahara | CVE #(s): | CVE-2009-0664 | ||||
| Created: | April 23, 2009 | Updated: | April 29, 2009 | ||||
| Description: | Mahara has an insufficient input sanitization vulnerability. From the Debian alert: It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to cross-site scripting (XSS) attacks because of missing input sanitization of the introduction text field in user profiles and any text field in a user view. | ||||||
| Alerts: |
| ||||||