Vulnerabilities > Mahara > Mahara > 20.04.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-28 | CVE-2022-28892 | Cross-Site Request Forgery (CSRF) vulnerability in Mahara Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. | 8.8 |
2022-04-28 | CVE-2022-29584 | Cross-site Scripting vulnerability in Mahara Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action. | 3.5 |
2022-04-28 | CVE-2022-29585 | Incorrect Default Permissions vulnerability in Mahara In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. | 5.0 |