Latest Vulnerabilities Affecting Mahara products

Date	CVE	Title	CVSS
2019-05-07	CVE-2019-9708	Permissions, Privileges, and Access Control vulnerability in Mahara	Medium
2019-05-07	CVE-2019-9709	Cross-Site Scripting (XSS) vulnerability in Mahara	Low
2018-06-01	CVE-2018-11195	Security Features vulnerability in Mahara	Low
2018-06-01	CVE-2018-11196	Unrestricted Upload of File with Dangerous Type vulnerability in Mahara	Medium
2018-05-30	CVE-2018-11565	Information Leak / Disclosure vulnerability in Mahara	Medium
2018-04-09	CVE-2018-6182	Cross-Site Scripting (XSS) vulnerability in Mahara	Medium
2018-02-20	CVE-2017-17454	Cross-Site Scripting (XSS) vulnerability in Mahara	Low
2018-02-20	CVE-2017-17455	Improper Certificate Validation vulnerability in Mahara	Medium
2018-01-30	CVE-2017-1000141	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mahara	Medium
2017-11-03	CVE-2017-1000145	Improper Access Control vulnerability in Mahara	Medium
2017-11-03	CVE-2017-1000147	Cross-Site Request Forgery (CSRF) vulnerability in Mahara	Medium
2017-11-03	CVE-2017-1000137	Cross-Site Scripting (XSS) vulnerability in Mahara 1.10/15.04	Low
2017-11-03	CVE-2017-1000138	Cross-Site Scripting (XSS) vulnerability in Mahara 1.10/15.04	Low
2017-11-03	CVE-2017-1000140	Cross-Site Scripting (XSS) vulnerability in Mahara	Low
2017-11-03	CVE-2017-1000148	Code Injection vulnerability in Mahara	Medium

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.