Vulnerabilities > Mahara > Mahara > 15.10.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-03 | CVE-2017-1000152 | Unspecified vulnerability in Mahara Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. | 7.5 |
2017-11-03 | CVE-2017-1000151 | Information Exposure vulnerability in Mahara Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log. | 5.0 |
2017-11-03 | CVE-2017-1000150 | Session Fixation vulnerability in Mahara Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. | 6.5 |
2017-11-03 | CVE-2017-1000149 | Cross-site Scripting vulnerability in Mahara Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open()) | 3.5 |
2017-11-03 | CVE-2017-1000148 | Deserialization of Untrusted Data vulnerability in Mahara Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file. | 6.5 |
2017-11-03 | CVE-2017-1000133 | Information Exposure vulnerability in Mahara Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages. | 5.0 |
2017-11-03 | CVE-2017-1000131 | Insufficient Session Expiration vulnerability in Mahara Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions. | 4.0 |