Vulnerabilities > Mahara > Mahara > 17.04.3

DATE CVE VULNERABILITY TITLE RISK
2018-02-20 CVE-2017-17454 Cross-site Scripting vulnerability in Mahara
Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters.
network
mahara CWE-79
3.5
3.5
2018-01-30 CVE-2017-1000141 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mahara
An issue was discovered in Mahara before 18.10.0.
network
low complexity
mahara CWE-640
6.4
6.4
2017-10-31 CVE-2017-15273 Cross-site Scripting vulnerability in Mahara
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.
network
mahara CWE-79
3.5
3.5
2017-10-31 CVE-2017-14752 Cross-site Scripting vulnerability in Mahara
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.
network
mahara CWE-79
3.5
3.5