Vulnerabilities > Mahara > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-07 | CVE-2013-1426 | Cross-site Scripting vulnerability in Mahara Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor. | 6.1 |
| 2019-05-07 | CVE-2019-9708 | Unspecified vulnerability in Mahara An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. | 4.9 |
| 2019-05-07 | CVE-2019-9709 | Cross-site Scripting vulnerability in Mahara An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. | 5.4 |
| 2018-06-01 | CVE-2018-11195 | Information Exposure vulnerability in Mahara Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. | 6.8 |
| 2018-05-30 | CVE-2018-11565 | Information Exposure vulnerability in Mahara Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information. | 5.3 |
| 2018-04-09 | CVE-2018-6182 | Cross-site Scripting vulnerability in Mahara Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. | 6.1 |
| 2018-02-20 | CVE-2017-17455 | Improper Certificate Validation vulnerability in Mahara Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present. | 5.9 |
| 2018-02-20 | CVE-2017-17454 | Cross-site Scripting vulnerability in Mahara Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. | 5.4 |
| 2018-01-30 | CVE-2017-1000141 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mahara An issue was discovered in Mahara before 18.10.0. | 6.5 |
| 2017-11-03 | CVE-2017-1000157 | Information Exposure vulnerability in Mahara Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on. | 4.4 |