CVE-2012-2237

CVSS 6.1 - MEDIUM

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.

Affected Products

3

Vendor	Product	Version
mahara	mahara	`All versions`
mahara	mahara	`All versions`
debian	debian_linux	`6.0`

References

http://www.debian.org/security/2012/dsa-2540

https://bugs.launchpad.net/mahara/+bug/1009774

https://bugs.launchpad.net/mahara/+bug/1009777

https://bugs.launchpad.net/mahara/+bug/1009784

https://mahara.org/interaction/forum/topic.php?id=...

http://www.debian.org/security/2012/dsa-2540

https://bugs.launchpad.net/mahara/+bug/1009774

https://bugs.launchpad.net/mahara/+bug/1009777

https://bugs.launchpad.net/mahara/+bug/1009784

https://mahara.org/interaction/forum/topic.php?id=...

Weakness Types

CWE-79

CVE Information

CVE ID:: CVE-2012-2237
Published:: 2019-12-17
Modified:: 2024-11-21
CVSS Score:: 6.1
Severity:: MEDIUM
Vector:: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Vendors

debian mahara

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL