Vulnerabilities > Mahara > Mahara > 1.10.1

DATE CVE VULNERABILITY TITLE RISK
2017-11-03 CVE-2017-1000144 Cross-site Scripting vulnerability in Mahara
Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages.
network
mahara CWE-79
3.5
3.5
2017-11-03 CVE-2017-1000143 Information Exposure vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.
network
low complexity
mahara CWE-200
4.0
4.0
2017-11-03 CVE-2017-1000142 Unspecified vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation.
network
low complexity
mahara
5.5
5.5
2017-11-03 CVE-2017-1000140 Cross-site Scripting vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file.
network
mahara CWE-79
3.5
3.5
2017-11-03 CVE-2017-1000139 Server-Side Request Forgery (SSRF) vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list.
network
mahara CWE-918
6.0
6.0
2017-11-03 CVE-2017-1000135 Insufficient Session Expiration vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
network
low complexity
mahara CWE-613
4.0
4.0
2017-11-03 CVE-2017-1000132 Cross-site Scripting vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file.
network
mahara CWE-79
3.5
3.5