Cross-Site Scripting Vulnerabilities in Mahara CMS by Catalyst IT Ltd
CVE-2020-23052
5.4MEDIUM
What is CVE-2020-23052?
Mahara CMS version 19.10.2 by Catalyst IT Ltd contains multiple vulnerabilities that allow for cross-site scripting (XSS) through the 'groupfiles.php' component. Specifically, the parameters 'Number' (Nombre) and 'Description' (DescripciĂłn) can be exploited by attackers to inject malicious scripts. This could lead to various security issues including unauthorized access to sensitive user data and manipulation of web content.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved