Candidate: CVE-2012-2243
PublicDate: 2012-11-24 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2243
 https://mahara.org/interaction/forum/topic.php?id=4937
 https://bugs.launchpad.net/mahara/+bug/1055232
 https://bugs.launchpad.net/mahara/+bug/1063480
Description:
 Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and
 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script
 or HTML by uploading an XML file with the xhtml extension, which is
 rendered inline as script.  NOTE: this can be leveraged with CVE-2012-2244
 to execute arbitrary code without authentication, as demonstrated by
 modifying the clamav path.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Hugh Davenport
Assigned-to:
CVSS: 

Patches_mahara:
upstream_mahara: released (1.5.1-3)
hardy_mahara: DNE
lucid_mahara: ignored (reached end-of-life)
oneiric_mahara: ignored (reached end-of-life)
precise_mahara: ignored (reached end-of-life)
precise/esm_mahara: DNE (precise was needed)
quantal_mahara: ignored (reached end-of-life)
raring_mahara: not-affected (1.5.1-3.1)
saucy_mahara: not-affected (1.5.1-3.1)
trusty_mahara: DNE
trusty/esm_mahara: DNE
utopic_mahara: DNE
vivid_mahara: DNE
vivid/stable-phone-overlay_mahara: DNE
vivid/ubuntu-core_mahara: DNE
wily_mahara: DNE
xenial_mahara: DNE
yakkety_mahara: DNE
zesty_mahara: DNE
devel_mahara: DNE