Debian Security Advisory 1736-1 - It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to cross-site scripting attacks, which allows the injection of arbitrary Java or HTML code.
e14e77bc490f85865ca84428c824b0182e131a0a215d4728cd81e6f229f110d1