漏洞信息详情

Mahara profile和blog 跨站脚本攻击漏洞

  • CNNVD编号:CNNVD-200903-211
  • 危害等级: 中危
  • CVE编号: CVE-2009-0660
  • 漏洞类型: 跨站脚本
  • 发布时间: 2009-03-11
  • 威胁类型: 远程
  • 更新时间: 2009-03-21
  • 厂        商: mahara
  • 漏洞来源: Mahara

漏洞简介

Mahara是一个开源的电子档案和社交网站应用程序。

Mahara 1.0之前的版本1.0.10版本和1.1.2版本之前1.1版本中存在多个跨站脚本攻击漏洞。远程攻击者可以借助一个(1)剖面图或(2)blog,注入任意web脚本或HTML。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

Debian Linux 5.0 hppa

Debian mahara-apache2_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb

Debian mahara_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb

Debian Linux 5.0 ia-64

Debian mahara-apache2_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb

Debian mahara_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

Debian Linux 5.0 m68k

Debian mahara-apache2_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb

Debian mahara_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb

Debian Linux 5.0 arm

Debian mahara-apache2_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb

Debian mahara_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb

Debian Linux 5.0 armel

Debian mahara-apache2_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb

Debian mahara_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb

Debian Linux 5.0

Debian mahara-apache2_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb

Debian mahara_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb

Debian Linux 5.0 amd64

Debian mahara-apache2_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb

Debian mahara_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb

Debian Linux 5.0 alpha

Debian mahara-apache2_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb

Debian mahara_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb

Debian Linux 5.0 ia-32

Debian mahara-apache2_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb

Debian mahara_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb

Debian Linux 5.0 mips

Debian mahara-apache2_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb

Debian mahara_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb

Debian Linux 5.0 s/390

Debian mahara-apache2_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb

Debian mahara_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb

Debian Linux 5.0 mipsel

Debian mahara-apache2_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb

Debian mahara_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb

Debian Linux 5.0 powerpc

Debian mahara-apache2_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb

Debian mahara_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb

Debian Linux 5.0 sparc

Debian mahara-apache2_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb

Debian mahara_1.0.4-4+lenny1_all.deb

http://security.debian.org/pool/u

参考网址

来源: BID

名称: 34064

链接: http://www.securityfocus.com/bid/34064

来源: XF

名称: mahara-userprofile-xss(49168)

链接: http://xforce.iss.net/xforce/xfdb/49168

来源: VUPEN

名称: ADV-2009-0665

链接: http://www.vupen.com/english/advisories/2009/0665

来源: DEBIAN

名称: DSA-1736

链接: http://www.debian.org/security/2009/dsa-1736

来源: wiki.mahara.org

链接: http://wiki.mahara.org/Release_Notes/1.1.2

来源: SECUNIA

名称: 34231

链接: http://secunia.com/advisories/34231

来源: SECUNIA

名称: 34222

链接: http://secunia.com/advisories/34222

来源: CONFIRM

链接: http://mahara.org/interaction/forum/topic.php?id=350

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多