CVE-2011-1405

Name of the Vulnerable Software and Affected Versions Mahara versions prior to 1.3.6

Description The issue is related to a cross-site scripting (XSS) vulnerability that allows remote authenticated users to inject arbitrary web script or HTML. This is achieved via vectors associated with HTML e-mail messages and is related to files artefact/comment/lib.php and interaction/forum/lib.php.

Recommendations For versions prior to 1.3.6, update to version 1.3.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of HTML in e-mail messages to minimize the risk of exploitation.