It was discovered that mahara, an electronic portfolio, weblog, and resume builder is prone to several cross-site scripting attacks, which allow an attacker to inject arbitrary HTML or script code and steal potential sensitive data from other users. The oldstable distribution (etch) does not contain mahara.
Pages: