CVE-2012-2237
MEDIUMMahara 1.4.0-1.4.2 and 1.5.0-1.5.1 - Cross-Site Scripting via Login Form, Links, Resources, and Display Name
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-2237. PoCs published by anonymous.
AI-analyzed exploit summary This exploit demonstrates an XSS vulnerability in Mahara by injecting HTML and script code via a crafted URL parameter. The payload triggers an alert box, confirming the vulnerability.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.
Exploits (1)
This exploit demonstrates an XSS vulnerability in Mahara by injecting HTML and script code via a crafted URL parameter. The payload triggers an alert box, confirming the vulnerability.
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N