Arbitrary Web Script Injection in Mahara 1.5.x and 1.6.x

Arbitrary Web Script Injection in Mahara 1.5.x and 1.6.x

CVE-2012-2253 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Learn more about our Web App Pen Testing.