Vulnerabilities > Mahara

DATE CVE VULNERABILITY TITLE RISK
2017-11-03 CVE-2017-1000136 Insufficient Session Expiration vulnerability in Mahara
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
network
mahara CWE-613
4.3
2017-11-03 CVE-2017-1000135 Insufficient Session Expiration vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
network
low complexity
mahara CWE-613
4.0
2017-11-03 CVE-2017-1000134 Incorrect Permission Assignment for Critical Resource vulnerability in Mahara
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
network
low complexity
mahara CWE-732
6.5
2017-11-03 CVE-2017-1000133 Information Exposure vulnerability in Mahara
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages.
network
low complexity
mahara CWE-200
5.0
2017-11-03 CVE-2017-1000132 Cross-site Scripting vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file.
network
mahara CWE-79
3.5
2017-11-03 CVE-2017-1000131 Insufficient Session Expiration vulnerability in Mahara
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.
network
low complexity
mahara CWE-613
4.0
2017-10-31 CVE-2017-15273 Cross-site Scripting vulnerability in Mahara
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.
network
mahara CWE-79
3.5
2017-10-31 CVE-2017-14752 Cross-site Scripting vulnerability in Mahara
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.
network
mahara CWE-79
3.5
2017-10-31 CVE-2017-14163 Session Fixation vulnerability in Mahara
An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3.
network
low complexity
mahara CWE-384
6.5
2017-09-25 CVE-2017-9551 Cross-site Scripting vulnerability in Mahara
Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g.
network
mahara CWE-79
4.3