Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mahara | Mahara | >= 1.4.0, < 1.4.3 |
| Debian | Debian Linux | 6.0 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2012/dsa-2540Third Party Advisory
- https://bugs.launchpad.net/mahara/+bug/1009774ExploitThird Party Advisory
- https://bugs.launchpad.net/mahara/+bug/1009777ExploitThird Party Advisory
- https://bugs.launchpad.net/mahara/+bug/1009784ExploitPatchThird Party Advisory
- https://mahara.org/interaction/forum/topic.php?id=4748PatchVendor Advisory
- http://www.debian.org/security/2012/dsa-2540Third Party Advisory
- https://bugs.launchpad.net/mahara/+bug/1009774ExploitThird Party Advisory
- https://bugs.launchpad.net/mahara/+bug/1009777ExploitThird Party Advisory
- https://bugs.launchpad.net/mahara/+bug/1009784ExploitPatchThird Party Advisory
- https://mahara.org/interaction/forum/topic.php?id=4748PatchVendor Advisory
FAQ
What is CVE-2012-2237?
CVE-2012-2237 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascr...
How severe is CVE-2012-2237?
CVE-2012-2237 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2237?
Check the references section above for vendor advisories and patch information. Affected products include: Mahara Mahara, Debian Debian Linux.