Debian Security Advisory 1924 mahara – several vulnerabilities

30
Article Source Debian Security Advisories
October 30, 2009, 5:00 pm

Two vulnerabilities have been discovered in, an electronic portfolio, weblog, and resume builder. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2009-3298

    Ruslan Kabalin discovered a issue with resetting passwords, which could lead to a privilege escalation of an institutional administrator account.

  • CVE-2009-3299

    Sven Vetsch discovered a cross-site scripting vulnerability via the resume fields…