Launchpad.net

CVE 2011-1405

Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php.

Related bugs and status

CVE-2011-1405 (Candidate) is related to these bugs:

Bug #772860: HTML emails not escaped

		In	Importance	Status
772860	HTML emails not escaped	Mahara	High	Fix Released
772860	HTML emails not escaped	Mahara 1.2	High	Fix Released
772860	HTML emails not escaped	Mahara 1.3	High	Fix Released

Bug #780917: Major security updates for Mahara

		In	Importance	Status
780917	Major security updates for Mahara	mahara (Ubuntu)	Undecided	Fix Released
780917	Major security updates for Mahara	mahara (Ubuntu Lucid)	High	Fix Released
780917	Major security updates for Mahara	mahara (Ubuntu Maverick)	High	Fix Released
780917	Major security updates for Mahara	mahara (Ubuntu Natty)	High	Fix Released
780917	Major security updates for Mahara	mahara (Ubuntu Oneiric)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-1405

Related bugs and status

Related bugs

References