Catalyst It · Mahara · CVE-2012-2253
**Name of the Vulnerable Software and Affected Versions**
Mahara versions 1.5.x through 1.5.6
Mahara versions 1.6.x through 1.6.1
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `query` parameter in the "group/members.php" file.
**Recommendations**
For Mahara versions 1.5.x through 1.5.6, update to version 1.5.7 or later.
For Mahara versions 1.6.x through 1.6.1, update to version 1.6.2 or later.