Mahara Multiple Remote Vulnerabilities

Mahara is prone to the following multiple vulnerabilities:

1. Remote code execution vulnerability (CVE-2012-2244)
2. Clickjacking vulnerability (CVE-2012-2246)
3. Multiple cross-site scripting vulnerabilities (CVE-2012-6037)

Exploiting these issues may allow an attacker to compromise the application, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, control how the site is rendered to the user, or perform unauthorized actions on behalf of the user. Other attacks are also possible.

Mahara 1.4.x versions prior to 1.4.5 and 1.5.x versions prior to 1.5.4 are affected.


Privacy Statement
Copyright 2010, SecurityFocus