Vulnerabilities > Mahara > Mahara > 1.3.0

DATE CVE VULNERABILITY TITLE RISK
2011-05-13 CVE-2011-1403 Cross-Site Request Forgery (CSRF) vulnerability in Mahara
Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys.
network
mahara CWE-352
6.8
6.8
2011-05-13 CVE-2011-1402 Permissions, Privileges, and Access Controls vulnerability in Mahara
Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting.
network
low complexity
mahara CWE-264
6.5
6.5
2011-03-28 CVE-2011-0440 Cross-Site Request Forgery (CSRF) vulnerability in Mahara
Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs.
network
mahara CWE-352
5.8
5.8
2011-03-28 CVE-2011-0439 Cross-Site Scripting vulnerability in Mahara
Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box.
network
mahara CWE-79
4.3
4.3
2010-11-09 CVE-2010-3871 Cross-Site Scripting vulnerability in Mahara
Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
mahara CWE-79
4.3
4.3