CVE-2012-2247

Published Nov 24, 2012

Last updated 12 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file.
Source: security@debian.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E564972A-F44F-4935-BE50-8CB8A3F6483A"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A782949D-9F8D-4852-AA20-5E866C895CEB"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E05D9E1E-E2EE-43C4-993A-F140B83493AA"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF97D77B-B448-407C-A545-F939C1C75B4C"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A1DE181-B75C-49B1-AA87-0F0BA090E23B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8"
          },
          {
            "criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References