Detections
Analytics

CVE-2009-3299

medium

Description

Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

http://www.vupen.com/english/advisories/2009/3101

http://www.securityfocus.com/bid/36892

http://www.osvdb.org/59583

http://www.debian.org/security/2009/dsa-1924

http://secunia.com/advisories/37218

http://secunia.com/advisories/37217

http://mahara.org/interaction/forum/topic.php?id=1170

http://eduforge.org/frs/shownotes.php?release_id=547

http://eduforge.org/frs/shownotes.php?release_id=546

Details

Source: Mitre, NVD

Published: 2009-11-03

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00604