CVE-2009-0487

Mahara <1.0.9 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post.

References (4)

[Vendor Advisory] http://mahara.org/interaction/forum/topic.php?id=198

[Third Party Advisory] http://secunia.com/advisories/33813

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48518

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/33619

Scores

EPSS 0.0029

EPSS Percentile 51.6%

Classification

CWE

CWE-79

Status published

Affected Products (13)

mahara/mahara < 1.0.8

mahara/mahara

n/a/n/a

Timeline

Published Feb 09, 2009

Tracked Since Feb 18, 2026