Cross-site scripting (XSS) vulnerability in Mahara 1.4.x prior to 1.4.5 and 1.5.x prior to 1.5.4 allows remote malicious users to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script. NOTE: this can be leveraged with CVE-2012-2244 to execute arbitrary code without authentication, as demonstrated by modifying the clamav path.
Vulnerable Product |
---|
mahara mahara 1.4.2 |
mahara mahara 1.4.3 |
mahara mahara 1.4.4 |
mahara mahara 1.4 |
mahara mahara 1.4.0 |
mahara mahara 1.4.1 |
mahara mahara 1.5.1 |
mahara mahara 1.5.2 |
mahara mahara 1.5.3 |
mahara mahara 1.5 |
mahara mahara 1.5.0 |