CVE-2009-3299

CVSS 4.3 - MEDIUM

Description

Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected Products

21

Vendor	Product	Version
mahara	mahara	`All versions`
mahara	mahara	`1.0.4`
mahara	mahara	`1.0.7`
mahara	mahara	`1.0.10`
mahara	mahara	`1.0.11`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.0`
mahara	mahara	`1.1.1`
mahara	mahara	`1.1.2`
mahara	mahara	`1.1.3`
mahara	mahara	`1.1.4`
mahara	mahara	`1.1.5`
mahara	mahara	`1.1.6`

References

http://eduforge.org/frs/shownotes.php?release_id=5...

http://eduforge.org/frs/shownotes.php?release_id=5...

http://mahara.org/interaction/forum/topic.php?id=1...

http://secunia.com/advisories/37217

http://secunia.com/advisories/37218

http://www.debian.org/security/2009/dsa-1924

http://www.osvdb.org/59583

http://www.securityfocus.com/bid/36892

http://www.vupen.com/english/advisories/2009/3101

http://eduforge.org/frs/shownotes.php?release_id=5...

http://eduforge.org/frs/shownotes.php?release_id=5...

http://mahara.org/interaction/forum/topic.php?id=1...

http://secunia.com/advisories/37217

http://secunia.com/advisories/37218

http://www.debian.org/security/2009/dsa-1924

http://www.osvdb.org/59583

http://www.securityfocus.com/bid/36892

http://www.vupen.com/english/advisories/2009/3101

Weakness Types

CWE-79

CVE Information

CVE ID:: CVE-2009-3299
Published:: 2009-11-03
Modified:: 2026-04-23
CVSS Score:: 4.3
Severity:: MEDIUM
Vector:: AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected Vendors

mahara

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL