CVE-2009-3299

EUVD-2009-3281
Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
maharamahara
𝑥
≤ 1.0.12
maharamahara
1.0.4
maharamahara
1.0.7
maharamahara
1.0.10
maharamahara
1.0.11
maharamahara
1.1.0
maharamahara
1.1.0:alpha1
maharamahara
1.1.0:alpha2
maharamahara
1.1.0:alpha3
maharamahara
1.1.0:beta1
maharamahara
1.1.0:beta2
maharamahara
1.1.0:beta3
maharamahara
1.1.0:beta4
maharamahara
1.1.0:rc1
maharamahara
1.1.0:rc2
maharamahara
1.1.1
maharamahara
1.1.2
maharamahara
1.1.3
maharamahara
1.1.4
maharamahara
1.1.5
maharamahara
1.1.6
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mahara
dapper
dne
hardy
dne
intrepid
ignored
jaunty
Fixed 1.0.9-2ubuntu0.5
released
karmic
Fixed 1.1.5-1ubuntu0.1
released
Common Weakness Enumeration
References
http://eduforge.org/frs/shownotes.php?release_id=546
http://eduforge.org/frs/shownotes.php?release_id=547
http://mahara.org/interaction/forum/topic.php?id=1170
http://secunia.com/advisories/37217
http://secunia.com/advisories/37218
http://www.debian.org/security/2009/dsa-1924
http://www.osvdb.org/59583
http://www.securityfocus.com/bid/36892
http://www.vupen.com/english/advisories/2009/3101
http://eduforge.org/frs/shownotes.php?release_id=546
http://eduforge.org/frs/shownotes.php?release_id=547
http://mahara.org/interaction/forum/topic.php?id=1170
http://secunia.com/advisories/37217
http://secunia.com/advisories/37218
http://www.debian.org/security/2009/dsa-1924
http://www.osvdb.org/59583
http://www.securityfocus.com/bid/36892
http://www.vupen.com/english/advisories/2009/3101