4.3

CVE-2012-2243

Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script.  NOTE: this can be leveraged with CVE-2012-2244 to execute arbitrary code without authentication, as demonstrated by modifying the clamav path.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MaharaMahara Version1.4 Updaterc1
MaharaMahara Version1.4 Updaterc2
MaharaMahara Version1.4 Updaterc3
MaharaMahara Version1.4 Updaterc4
MaharaMahara Version1.4.0
MaharaMahara Version1.4.1
MaharaMahara Version1.4.2
MaharaMahara Version1.4.3
MaharaMahara Version1.4.4
MaharaMahara Version1.5 Updaterc1
MaharaMahara Version1.5 Updaterc2
MaharaMahara Version1.5.0
MaharaMahara Version1.5.1
MaharaMahara Version1.5.2
MaharaMahara Version1.5.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.63% 0.678
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.