Vulnerability Description
Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system.
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mahara | Mahara | < 22.10.6 |
Related Weaknesses (CWE)
References
- https://git.mahara.org/catalyst-security/mahara-security/-/merge_requests/6 (Vendor Advisory)
- https://mahara.org/interaction/forum/topic.php?id=9519 (Vendor Advisory)
FAQ
What is CVE-2024-35203?
CVE-2024-35203 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system.
How severe is CVE-2024-35203?
CVE-2024-35203 has been rated MEDIUM, with a CVSS base score of 6.1/10.
Is there a patch for CVE-2024-35203?
Check the references section above for vendor advisories and patch information. Affected products include Mahara (vendor: Mahara).