Unrated severity · NVD Advisory · Published Nov 9, 2010 · Updated Apr 29, 2026

CVE-2010-3871

Description

Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Mahara before 1.3.3 is vulnerable to reflected XSS in blocktype/groupviews/theme/raw/groupviews.tpl via unspecified vectors.

Vulnerability

The cross-site scripting vulnerability exists in the blocktype/groupviews/theme/raw/groupviews.tpl template file of Mahara, an open source electronic portfolio system. The flaw allows injection of arbitrary web script or HTML through unspecified vectors. Affected versions include all releases prior to Mahara 1.3.3. The vulnerability was reported via Secunia Research [1] and is officially addressed in the Mahara 1.3.3 release notes [2].

Exploitation

No detailed exploitation steps are provided in the available references. Since the vulnerability is a reflected XSS, it likely requires an attacker to craft a malicious link or input that, when visited or submitted by a victim user, triggers the injection in the affected template. The attacker does not need prior authentication but must rely on user interaction (e.g., clicking a link).

Impact

Successful exploitation allows an attacker to inject arbitrary web script or HTML in the context of the victim's browser. This can lead to theft of session cookies, defacement, or phishing attacks within the Mahara application. The vulnerability is rated as moderate severity, as it requires user interaction.

Mitigation

The vulnerability is fixed in Mahara version 1.3.3, released prior to the publication of this advisory. Users should upgrade to Mahara 1.3.3 or later immediately. No workarounds are documented in the available references. The fix is mentioned in the official release notes [2].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

63
  • cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:* (+ 62 more)
    • cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:* (range: <=1.3.2)
    • cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*
    • (no CPE) range: <1.3.3

References

4
