Vulnerabilities > Mahara > Mahara > 17.10.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-09 | CVE-2018-6182 | Cross-site Scripting vulnerability in Mahara Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. | 4.3 |
| 2018-02-20 | CVE-2017-17455 | Improper Certificate Validation vulnerability in Mahara Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present. | 4.3 |
| 2018-02-20 | CVE-2017-17454 | Cross-site Scripting vulnerability in Mahara Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. | 3.5 |
| 2018-01-30 | CVE-2017-1000141 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mahara An issue was discovered in Mahara before 18.10.0. | 6.4 |