fkie_nvd - fkie_cve-2012-2247

fkie_cve-2012-2247

Vulnerability from fkie_nvd

Published

2012-11-24 20:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file.

References

URL	Tags
security@debian.org	http://www.debian.org/security/2012/dsa-2591
security@debian.org	https://bugs.launchpad.net/mahara/+bug/1061980
security@debian.org	https://mahara.org/interaction/forum/topic.php?id=4938	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2591
af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/mahara/+bug/1061980
af854a3a-2127-422b-91ae-364da2661108	https://mahara.org/interaction/forum/topic.php?id=4938	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
mahara	mahara	1.4
mahara	mahara	1.4
mahara	mahara	1.4
mahara	mahara	1.4
mahara	mahara	1.4.0
mahara	mahara	1.4.1
mahara	mahara	1.4.2
mahara	mahara	1.4.3
mahara	mahara	1.4.4
mahara	mahara	1.5
mahara	mahara	1.5
mahara	mahara	1.5.0
mahara	mahara	1.5.1
mahara	mahara	1.5.2
mahara	mahara	1.5.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E564972A-F44F-4935-BE50-8CB8A3F6483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A782949D-9F8D-4852-AA20-5E866C895CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E05D9E1E-E2EE-43C4-993A-F140B83493AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF97D77B-B448-407C-A545-F939C1C75B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A1DE181-B75C-49B1-AA87-0F0BA090E23B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en group/members.php in Mahara v1.4.x anterior a v1.4.5 y v1.5.x anterior a v1.5.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s vectores relacionados con artefact/file/ y un fichero SVG manipulado."
    }
  ],
  "id": "CVE-2012-2247",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-11-24T20:55:02.320",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "security@debian.org",
      "url": "https://bugs.launchpad.net/mahara/+bug/1061980"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/mahara/+bug/1061980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4938"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-2247 (GCVE-0-2012-2247)

Vulnerability from cvelistv5

Published

2012-11-24 20:00

Modified

2024-08-06 19:26