CVE 2009-3299
Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Related bugs and status
CVE-2009-3299 (Candidate) is related to these bugs:
Bug #463082: privilege escalation for institution admins CVE-2009-3298
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
463082 | privilege escalation for institution admins CVE-2009-3298 | mahara (Ubuntu) | Undecided | Fix Released | ||
463082 | privilege escalation for institution admins CVE-2009-3298 | mahara (Ubuntu Jaunty) | Undecided | Fix Released | ||
463082 | privilege escalation for institution admins CVE-2009-3298 | mahara (Ubuntu Karmic) | Undecided | Fix Released | ||
463082 | privilege escalation for institution admins CVE-2009-3298 | mahara (Ubuntu Lucid) | Undecided | Fix Released |
Bug #463083: cross-site scripting vulnerability in resume blocktype CVE-2009-3299
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
463083 | cross-site scripting vulnerability in resume blocktype CVE-2009-3299 | mahara (Ubuntu) | Undecided | Fix Released | ||
463083 | cross-site scripting vulnerability in resume blocktype CVE-2009-3299 | mahara (Ubuntu Jaunty) | Undecided | Fix Released | ||
463083 | cross-site scripting vulnerability in resume blocktype CVE-2009-3299 | mahara (Ubuntu Karmic) | Undecided | Fix Released | ||
463083 | cross-site scripting vulnerability in resume blocktype CVE-2009-3299 | mahara (Ubuntu Lucid) | Undecided | Fix Released |
Bug #486687: Please sync mahara 1.1.7-1 (universe) from Debian unstable (main).
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
486687 | Please sync mahara 1.1.7-1 (universe) from Debian unstable (main). | mahara (Ubuntu) | Wishlist | Fix Released |
See the
CVE page on Mitre.org
for more details.