CVE-2012-2247

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2012-2247 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The original article can be found at: https://mahara.org/interaction/forum/topic.php?id=4937
The original article can be found at: https://mahara.org/interaction/forum/topic.php?id=4938
The information has been provided by Himansu Das,Mike Haworth, Ajay Singh Negi.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2012-2247

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Mahara Mahara 1.4.1 and prior

Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script. NOTE: this can be leveraged with CVE-2012-2244 to execute arbitrary code without authentication, as demonstrated by modifying the clamav path.

Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file.

CVE Information:
CVE-2012-2243
CVE-2012-2247

Disclosure Timeline:
Published: October 15 2012

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus