6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.5%
Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and
1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script
or HTML by uploading an XML file with the xhtml extension, which is
rendered inline as script. NOTE: this can be leveraged with CVE-2012-2244
to execute arbitrary code without authentication, as demonstrated by
modifying the clamav path.