First published: Thu Nov 07 2019(Updated: )
Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor.
Credit: security@debian.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/mahara | ||
Mahara Mahara | <1.5.9 | |
Mahara Mahara | >=1.6.0<1.6.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2013-1426.
The severity of CVE-2013-1426 is medium with a CVSS score of 6.1.
CVE-2013-1426 is a Cross-site Scripting (XSS) vulnerability in Mahara before 1.5.9 and 1.6.x before 1.6.4 that allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor.
Mahara versions before 1.5.9 and 1.6.x before 1.6.4 are affected by CVE-2013-1426.
To mitigate CVE-2013-1426, it is recommended to upgrade to Mahara version 1.5.9 or newer, or version 1.6.4 or newer.