CVE-2012-2237
Mahara 1.4.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.
Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en Mahara versiones 1.4.x anteriores a la versión 1.4.3 y versiones 1.5.x anteriores a la versión 1.5.2, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores relacionados con (1) javascript innerHTML como es usado cuando se generan formularios de inicio de sesión, (2) enlaces o (3) URL de recursos, y (4) el nombre Display en un perfil de usuario.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-04-16 CVE Reserved
- 2012-08-02 First Exploit
- 2012-09-08 CVE Published
- 2024-08-06 CVE Updated
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.debian.org/security/2012/dsa-2540 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/37565 | 2012-08-02 | |
| https://bugs.launchpad.net/mahara/+bug/1009774 | 2024-08-06 | |
| https://bugs.launchpad.net/mahara/+bug/1009777 | 2024-08-06 | |
| https://bugs.launchpad.net/mahara/+bug/1009784 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| https://mahara.org/interaction/forum/topic.php?id=4748 | 2019-12-21 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mahara Search vendor "Mahara" | Mahara Search vendor "Mahara" for product "Mahara" | >= 1.4.0 < 1.4.3 Search vendor "Mahara" for product "Mahara" and version " >= 1.4.0 < 1.4.3" | - |
Affected
| ||||||
| Mahara Search vendor "Mahara" | Mahara Search vendor "Mahara" for product "Mahara" | >= 1.5.0 < 1.5.2 Search vendor "Mahara" for product "Mahara" and version " >= 1.5.0 < 1.5.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 6.0 Search vendor "Debian" for product "Debian Linux" and version "6.0" | - |
Affected
| ||||||