| Description: | Several vulnerabilities were discovered in mahara, an electronic portfolio, weblog, and resume builder. The following Common Vulnerabilities and Exposures project ids identify them: CVE-2010-1667 Multiple pages performed insufficient input sanitising, making them vulnerable to cross-site scripting attacks. CVE-2010-1668 Multiple forms lacked protection against cross-site request forgery attacks, therefore making them vulnerable. CVE-2010-1670 Gregor Anzelj discovered that it was possible to accidentally configure an installation of mahara that allows access to another user's account without a password. CVE-2010-2479 Certain Internet Explorer-specific cross-site scripting vulnerabilities were discovered in HTML Purifier, of which a copy is included in the mahara package. For the stable distribution, the problems have been fixed in version 1.0.4-4+lenny6. For the testing distribution, the problems will be fixed soon. For the unstable distribution, the problems have been fixed in version 1.2.5. We recommend that you upgrade your mahara packages. |