Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).Referenceshttps://bugs.launchpad.net/mahara/+bug/1375092
