CVE-2011-2771

Mahara < 1.4.0 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed.

References (5)

[Vendor Advisory] http://secunia.com/advisories/46719

[Various Sources] http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz

[Exploit, Patch] https://bugs.launchpad.net/mahara/+bug/798136

[Patch] https://launchpad.net/mahara/+milestone/1.4.1

[Third Party Advisory] http://www.debian.org/security/2011/dsa-2334

Scores

EPSS 0.0029

EPSS Percentile 52.5%

Classification

CWE

CWE-79

Status published

Affected Products (50)

mahara/mahara < 1.4.0

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

mahara/mahara

... and 35 more

Timeline

Published Nov 15, 2011

Tracked Since Feb 18, 2026