Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2010-07-06	CVE-2010-1667	Cross-Site Scripting vulnerability in Mahara Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. network mahara CWE-79	4.3
2009-11-03	CVE-2009-3299	Cross-Site Scripting vulnerability in Mahara Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network mahara CWE-79	4.3
2009-11-03	CVE-2009-3298	Permissions, Privileges, and Access Controls vulnerability in Mahara Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors. network low complexity mahara CWE-264	6.5
2009-06-23	CVE-2009-2171	Permissions, Privileges, and Access Controls vulnerability in Mahara Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact. network low complexity mahara CWE-264	4.0
2009-06-23	CVE-2009-2170	Cross-Site Scripting vulnerability in Mahara Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. network mahara CWE-79	4.3
2009-04-23	CVE-2009-0664	Cross-Site Scripting vulnerability in Mahara Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view. network mahara CWE-79	4.3
2009-03-11	CVE-2009-0660	Cross-Site Scripting vulnerability in Mahara Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487. network mahara CWE-79	4.3
2009-02-09	CVE-2009-0487	Cross-Site Scripting vulnerability in Mahara Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post. network mahara CWE-79	4.3
2008-01-22	CVE-2008-0381	Cross-Site Scripting vulnerability in Mahara 0.9.0 Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files. network mahara CWE-79	4.3