Vulnerabilities > Mahara

DATE CVE VULNERABILITY TITLE RISK
2017-11-03 CVE-2017-1000147 Cross-Site Request Forgery (CSRF) vulnerability in Mahara
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget.
network
mahara CWE-352
6.0
2017-11-03 CVE-2017-1000146 Cross-site Scripting vulnerability in Mahara
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages.
network
mahara CWE-79
3.5
2017-11-03 CVE-2017-1000145 Unspecified vulnerability in Mahara
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.
network
low complexity
mahara
4.0
2017-11-03 CVE-2017-1000144 Cross-site Scripting vulnerability in Mahara
Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages.
network
mahara CWE-79
3.5
2017-11-03 CVE-2017-1000143 Information Exposure vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.
network
low complexity
mahara CWE-200
4.0
2017-11-03 CVE-2017-1000142 Unspecified vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation.
network
low complexity
mahara
5.5
2017-11-03 CVE-2017-1000140 Cross-site Scripting vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file.
network
mahara CWE-79
3.5
2017-11-03 CVE-2017-1000139 Server-Side Request Forgery (SSRF) vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list.
network
mahara CWE-918
6.0
2017-11-03 CVE-2017-1000138 Cross-site Scripting vulnerability in Mahara 1.10/15.04
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.
network
mahara CWE-79
3.5
2017-11-03 CVE-2017-1000137 Cross-site Scripting vulnerability in Mahara 1.10/15.04
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).
network
mahara CWE-79
3.5