5 matches found
CVE-2012-6037
Multiple cross-site scripting XSS vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the 1...
CVE-2012-6037
Multiple cross-site scripting XSS vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the 1...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the 1...
CVE-2012-6037
Multiple cross-site scripting XSS vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the 1...
CVE-2012-6037
CVE-2012-6037 affects Mahara installations vulnerable to cross-site scripting via a CSV header with “unknown fields” in error messages during bulk user, group, and group member uploads. Affected versions include Mahara 1.2 and 1.4.x before 1.4.5, and 1.5.x before 1.5.4. The root cause is improper...