Home > Vulnerability Database > CVE-2009-3299

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2009-3299

Date: November 3, 2009

Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Severity Score

3.7

Related Resources (11)

Url: http://eduforge.org/frs/shownotes.php?release_id=547

Url: http://secunia.com/advisories/37218

Url: http://eduforge.org/frs/shownotes.php?release_id=546

Url: http://secunia.com/advisories/37217

Url: http://mahara.org/interaction/forum/topic.php?id=1170

Url: http://www.vupen.com/english/advisories/2009/3101

Url: http://www.debian.org/security/2009/dsa-1924

Url: http://www.securityfocus.com/bid/36892

Url: http://www.osvdb.org/59583

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-3299

Url: https://www.mend.io/vulnerability-database/CVE-2009-3299

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us