Vulnerabilities > Mahara > Mahara > 1.9.1

DATE CVE VULNERABILITY TITLE RISK
2017-11-03 CVE-2017-1000143 Information Exposure vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.
network
low complexity
mahara CWE-200
4.0
4.0
2017-11-03 CVE-2017-1000142 Unspecified vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation.
network
low complexity
mahara
5.5
5.5
2017-11-03 CVE-2017-1000140 Cross-site Scripting vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file.
network
mahara CWE-79
3.5
3.5
2017-11-03 CVE-2017-1000139 Server-Side Request Forgery (SSRF) vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list.
network
mahara CWE-918
6.0
6.0
2017-11-03 CVE-2017-1000136 Insufficient Session Expiration vulnerability in Mahara
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
network
mahara CWE-613
4.3
4.3
2017-11-03 CVE-2017-1000135 Insufficient Session Expiration vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
network
low complexity
mahara CWE-613
4.0
4.0
2017-11-03 CVE-2017-1000134 Incorrect Permission Assignment for Critical Resource vulnerability in Mahara
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
network
low complexity
mahara CWE-732
6.5
6.5
2017-11-03 CVE-2017-1000132 Cross-site Scripting vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file.
network
mahara CWE-79
3.5
3.5