Red Hat Bugzilla – Bug 624753
CVE-2010-2479 moodle, sahana: XSS flaw in embedded HTML Purifier allows remote arbitrary web script injection
Last modified: 2016-03-04 05:40:20 EST
Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. (CVE-2010-2479)
Both Moodle and Sahana contain embedded copies of HTML Purifier and need to be updated.
Created sahana tracking bugs for this issue
Affects: fedora-all [bug 624755]
Created moodle tracking bugs for this issue
Affects: fedora-all [bug 624754]
Sahana is still affected by this flaw in Fedora. Could this be fixed please? This issue is quite old.