Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x prior to 1.4.5 and 1.5.x prior to 1.5.4, and other versions including 1.2, allow remote malicious users to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the (1) bulk user, (2) group, and (3) group member upload capabilities. NOTE: this issue was originally part of CVE-2012-2243, but that ID was SPLIT due to different issues by different researchers.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mahara mahara 1.4 |
||
mahara mahara 1.4.2 |
||
mahara mahara 1.4.3 |
||
mahara mahara 1.4.4 |
||
mahara mahara 1.4.0 |
||
mahara mahara 1.4.1 |
||
mahara mahara 1.5 |
||
mahara mahara 1.5.0 |
||
mahara mahara 1.5.1 |
||
mahara mahara 1.5.2 |
||
mahara mahara 1.5.3 |