CVE-2012-6037
Published Nov 24, 2012
Last updated 12 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the (1) bulk user, (2) group, and (3) group member upload capabilities. NOTE: this issue was originally part of CVE-2012-2243, but that ID was SPLIT due to different issues by different researchers.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E564972A-F44F-4935-BE50-8CB8A3F6483A"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:1.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A782949D-9F8D-4852-AA20-5E866C895CEB"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:1.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E05D9E1E-E2EE-43C4-993A-F140B83493AA"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:1.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF97D77B-B448-407C-A545-F939C1C75B4C"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:1.4.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A1DE181-B75C-49B1-AA87-0F0BA090E23B"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8"
},
{
"criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7"
}
],
"operator": "OR"
}
]
}
]