Vulnerabilities > Mahara > Mahara > 15.10.1

DATE CVE VULNERABILITY TITLE RISK
2017-11-03 CVE-2017-1000152 Unspecified vulnerability in Mahara
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served.
network
low complexity
mahara
7.5
7.5
2017-11-03 CVE-2017-1000151 Information Exposure vulnerability in Mahara
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.
network
low complexity
mahara CWE-200
5.0
5.0
2017-11-03 CVE-2017-1000150 Session Fixation vulnerability in Mahara
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout.
network
low complexity
mahara CWE-384
6.5
6.5
2017-11-03 CVE-2017-1000149 Cross-site Scripting vulnerability in Mahara
Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open())
network
mahara CWE-79
3.5
3.5
2017-11-03 CVE-2017-1000148 Deserialization of Untrusted Data vulnerability in Mahara
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
network
low complexity
mahara CWE-502
6.5
6.5
2017-11-03 CVE-2017-1000133 Information Exposure vulnerability in Mahara
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages.
network
low complexity
mahara CWE-200
5.0
5.0
2017-11-03 CVE-2017-1000131 Insufficient Session Expiration vulnerability in Mahara
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.
network
low complexity
mahara CWE-613
4.0
4.0