mahara mahara vulnerabilities and exploits
4.3
CVSSv2
CVE-2013-1426
Cross-site Scripting (XSS) in Mahara prior to 1.5.9 and 1.6.x prior to 1.6.4 allows remote malicious users to inject arbitrary web script or HTML via the TinyMCE editor.
Mahara Mahara
4
CVSSv2
CVE-2019-9708
An issue exists in Mahara 17.10 prior to 17.10.8, 18.04 prior to 18.04.4, and 18.10 prior to 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system.
Mahara Mahara
3.5
CVSSv2
CVE-2019-9709
An issue exists in Mahara 17.10 prior to 17.10.8, 18.04 prior to 18.04.4, and 18.10 prior to 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned ...
Mahara Mahara
4
CVSSv2
CVE-2020-9282
In Mahara 18.10 prior to 18.10.5, 19.04 prior to 19.04.4, and 19.10 prior to 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios.
Mahara Mahara
3.5
CVSSv2
CVE-2017-17454
Mahara 16.10 prior to 16.10.7 and 17.04 prior to 17.04.5 and 17.10 prior to 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters...
Mahara Mahara
4.3
CVSSv2
CVE-2017-17455
Mahara 16.10 prior to 16.10.7, 17.04 prior to 17.04.5, and 17.10 prior to 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present.
Mahara Mahara
4
CVSSv2
CVE-2020-9386
In Mahara 18.10 prior to 18.10.5, 19.04 prior to 19.04.4, and 19.10 prior to 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
Mahara Mahara
2.1
CVSSv2
CVE-2021-43264
In Mahara prior to 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows malicious users to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character.
Mahara Mahara
3.5
CVSSv2
CVE-2021-43265
In Mahara prior to 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element.
Mahara Mahara
4.3
CVSSv2
CVE-2008-0381
Unspecified vulnerability in Mahara prior to 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files.
Mahara Mahara