Cross-site Scripting (XSS) in Mahara prior to 1.5.9 and 1.6.x prior to 1.6.4 allows remote malicious users to inject arbitrary web script or HTML via the TinyMCE editor.
mahara mahara