Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor.
https://security-tracker.debian.org/tracker/CVE-2013-1426
https://bugs.launchpad.net/mahara/+bug/1153423
https://mahara.org/interaction/forum/topic.php?id=5365
Source: Mitre, NVD
Published: 2019-11-07
Updated: 2019-11-12
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: Medium
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.00414