Lucene search

K

[email protected]NVD:CVE-2012-2243

HistoryNov 24, 2012 - 8:55 p.m.

CVE-2012-2243

2012-11-2420:55:02

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8.1 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script. NOTE: this can be leveraged with CVE-2012-2244 to execute arbitrary code without authentication, as demonstrated by modifying the clamav path.

Affected configurations

NVD

Node

maharamaharaMatch1.4rc1

OR

maharamaharaMatch1.4rc2

OR

maharamaharaMatch1.4rc3

OR

maharamaharaMatch1.4rc4

OR

maharamaharaMatch1.4.0

OR

maharamaharaMatch1.4.1

OR

maharamaharaMatch1.4.2

OR

maharamaharaMatch1.4.3

OR

maharamaharaMatch1.4.4

Node

maharamaharaMatch1.5rc1

OR

maharamaharaMatch1.5rc2

OR

maharamaharaMatch1.5.0

OR

maharamaharaMatch1.5.1

OR

maharamaharaMatch1.5.2

OR

maharamaharaMatch1.5.3

References

www.debian.org/security/2012/dsa-2591

bugs.launchpad.net/mahara/+bug/1055232

mahara.org/interaction/forum/topic.php?id=4937

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

8.1 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

Related for NVD:CVE-2012-2243

cvelist3 nvd2 cve3 ubuntucve3 prion3 openvas2 securityvulns2 nessus1 debian1