Vulnerabilities > Mahara
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-07 | CVE-2019-9708 | Unspecified vulnerability in Mahara An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. | 4.9 |
| 2019-05-07 | CVE-2019-9709 | Cross-site Scripting vulnerability in Mahara An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. | 5.4 |
| 2018-06-01 | CVE-2018-11196 | Unrestricted Upload of File with Dangerous Type vulnerability in Mahara Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. | 7.5 |
| 2018-06-01 | CVE-2018-11195 | Information Exposure vulnerability in Mahara Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. | 6.8 |
| 2018-05-30 | CVE-2018-11565 | Information Exposure vulnerability in Mahara Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information. | 5.3 |
| 2018-04-09 | CVE-2018-6182 | Cross-site Scripting vulnerability in Mahara Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. | 6.1 |
| 2018-02-20 | CVE-2017-17455 | Improper Certificate Validation vulnerability in Mahara Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present. | 5.9 |
| 2018-02-20 | CVE-2017-17454 | Cross-site Scripting vulnerability in Mahara Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. | 5.4 |
| 2018-01-30 | CVE-2017-1000141 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mahara An issue was discovered in Mahara before 18.10.0. | 6.5 |
| 2017-11-03 | CVE-2017-1000171 | Information Exposure Through Log Files vulnerability in Mahara Mobile 1.2.0 Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text. | 9.8 |