CVE-2012-6037

Priority
Description
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before
1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow
remote attackers to inject arbitrary web script or HTML via a CSV header
with "unknown fields," which are not properly handled in error messages in
the (1) bulk user, (2) group, and (3) group member upload capabilities.
NOTE: this issue was originally part of CVE-2012-2243, but that ID was
SPLIT due to different issues by different researchers.
Package
Upstream:released (1.4.5, 1.5.4)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2018-10-22 14:02:45 UTC (commit 03ef231d584286304e54ae60f0de485bd42f2da8)