Mahara cross-site scripting and Cross-Site Request Forgery Vulnerability and repair

Affected Versions:
Mahara 1.3.3
Mahara 1.2.5
Mahara 1.2.4
Mahara 1.2.3
Mahara 1.3.2
Mahara 1.3.1
Mahara 1.3.0
Mahara 1.2.6
Mahara 1.2.5
Mahara 1.2.2
Mahara 1.2.1
Mahara 1.2.0

 

Vulnerability description:

Mahara is an open-source electronic folder, network log, resume table generator, and social network system.
Mahara has multiple input verification errors. Attackers can exploit this vulnerability to obtain sensitive information or hijack target user sessions.
-The application has the Cross-Site Request Forgery Vulnerability. Attackers can construct malicious links to trick administrators into accessing and deleting blog logs.
-The input passed through the Pieform selection box does not provide correct filtering before it is displayed to the user. Attackers can inject arbitrary HTML and script code, this causes malicious code to be executed on the target user's browser when malicious data is viewed.

<* Reference
Http://mahara.org/interaction/forum/topic.php? Id = 3206
Http://mahara.org/interaction/forum/topic.php? Id = 3205
*>
Vendor solutions
Mahara 1.3.4 and 1.2.7 have fixed this vulnerability. We recommend that you download the vulnerability:
Http://mahara.org/interaction/forum/topic.php? Id = 3208