Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before
1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow
remote attackers to inject arbitrary web script or HTML via a CSV header
with "unknown fields," which are not properly handled in error messages in
the (1) bulk user, (2) group, and (3) group member upload capabilities.
NOTE: this issue was originally part of CVE-2012-2243, but that ID was
SPLIT due to different issues by different researchers.
Upstream:released (1.4.5, 1.5.4)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2019-01-14 22:06:16 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)