Test ID:1.3.6.1.4.1.25623.1.0.901199
Category:Web application abuses
Title:Mahara Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
Summary: Mahara is prone to multiple cross-site scripting and cross-site request forgery vulnerabilities.
Description:
Summary:
Mahara is prone to multiple cross-site scripting and cross-site request forgery vulnerabilities.

Vulnerability Insight:
- The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to delete blog posts by tricking a logged-in administrative user into visiting a malicious web site.

- Certain input passed via Pieform select box options is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code.

Vulnerability Impact:
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site.

Affected Software/OS:
Mahara versions 1.2.x before 1.2.7 and 1.3.x before 1.3.4.

Solution:
Upgrade to Mahara version 1.2.7, 1.3.4 or later.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P

Cross-Ref: BugTraq ID: 47033
Common Vulnerability Exposure (CVE) ID: CVE-2011-0439
http://www.securityfocus.com/bid/47033
Debian Security Information: DSA-2206
http://www.debian.org/security/2011/dsa-2206
http://secunia.com/advisories/43858
XForce ISS Database: mahara-pieform-xss(66327)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66327
Common Vulnerability Exposure (CVE) ID: CVE-2011-0440
XForce ISS Database: mahara-blogposts-csrf(66326)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66326
Copyright: Copyright (C) 2011 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.