Melissa

**Name of the Vulnerable Software and Affected Versions** Mahara versions 1.5.x through 1.5.6 Mahara versions 1.6.x through 1.6.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `query` parameter in the "group/members.php" file. **Recommendations** For Mahara versions 1.5.x through 1.5.6, update to version 1.5.7 or later. For Mahara versions 1.6.x through 1.6.1, update to version 1.6.2 or later.