Vulnerabilities > Mahara > Low

DATE CVE VULNERABILITY TITLE RISK
2022-04-28 CVE-2022-29584 Cross-site Scripting vulnerability in Mahara
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.
network
mahara CWE-79
3.5
3.5
2021-11-02 CVE-2021-43265 Cross-site Scripting vulnerability in Mahara
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element.
network
mahara CWE-79
3.5
3.5
2021-11-02 CVE-2021-43264 Path Traversal vulnerability in Mahara
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal.
local
low complexity
mahara CWE-22
2.1
2.1
2020-04-30 CVE-2020-9387 Information Exposure vulnerability in Mahara
In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.
network
mahara CWE-200
3.5
3.5
2019-05-07 CVE-2019-9709 Cross-site Scripting vulnerability in Mahara
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1.
network
mahara CWE-79
3.5
3.5
2018-06-01 CVE-2018-11195 Information Exposure vulnerability in Mahara
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack.
local
low complexity
mahara CWE-200
2.1
2.1
2018-02-20 CVE-2017-17454 Cross-site Scripting vulnerability in Mahara
Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters.
network
mahara CWE-79
3.5
3.5
2017-11-03 CVE-2017-1000132 Cross-site Scripting vulnerability in Mahara
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file.
network
mahara CWE-79
3.5
3.5
2017-11-03 CVE-2017-1000137 Cross-site Scripting vulnerability in Mahara 1.10/15.04
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).
network
mahara CWE-79
3.5
3.5
2017-11-03 CVE-2017-1000138 Cross-site Scripting vulnerability in Mahara 1.10/15.04
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.
network
mahara CWE-79
3.5
3.5