PT-2008-2014 · Catalyst It · Mahara
Published
2008-01-22
·
Updated
2008-09-05
·
CVE-2008-0381
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Mahara versions prior to 0.9.1
Description
The issue is likely related to cross-site scripting (XSS) in uploaded files, allowing for remote attack vectors. The estimated number of potentially affected devices worldwide is not available.
Recommendations
For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue. As a temporary workaround, consider restricting the upload of files to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mahara