Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-2772 |
The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image. Published: November 14, 2011; 10:57:56 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-2771 |
Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed. Published: November 14, 2011; 10:57:55 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |