Vulnerabilities > Mahara > Mahara > 1.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-03 | CVE-2017-1000136 | Insufficient Session Expiration vulnerability in Mahara Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change. | 4.3 |
| 2017-11-03 | CVE-2017-1000135 | Insufficient Session Expiration vulnerability in Mahara Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended. | 4.0 |
| 2017-11-03 | CVE-2017-1000134 | Incorrect Permission Assignment for Critical Resource vulnerability in Mahara Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them. | 6.5 |
| 2017-11-03 | CVE-2017-1000132 | Cross-site Scripting vulnerability in Mahara Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file. | 3.5 |