Catalyst It · Mahara · CVE-2013-1426
**Name of the Vulnerable Software and Affected Versions**
Mahara versions prior to 1.5.9
Mahara versions 1.6.x prior to 1.6.4
**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor. This is a Cross-site Scripting (XSS) issue.
**Recommendations**
For Mahara versions prior to 1.5.9, update to version 1.5.9 or later.
For Mahara versions 1.6.x prior to 1.6.4, update to version 1.6.4 or later.