New question #703683 on mahara in Ubuntu: https://answers.launchpad.net/ubuntu/+source/mahara/+question/703683
CVE-2020-23052: Mahara is prone to a cross-site scripting (XSS) vulnerability in the component groupfiles.php via the Number and Description parameters. CVE-2021-29349: Mahara is prone to a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. If this is already fixed, please let me know with which version, and in general where to look up such information -- You received this question notification because your team Mahara Packaging is an answer contact for mahara in Ubuntu. _______________________________________________ Mailing list: https://launchpad.net/~mahara-packaging Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-packaging More help : https://help.launchpad.net/ListHelp
