mahara mahara vulnerabilities and exploits
NA
CVE-2008-0381
Unspecified vulnerability in Mahara prior to 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files.
Mahara Mahara
6.1
CVSSv3
CVE-2013-1426
Cross-site Scripting (XSS) in Mahara prior to 1.5.9 and 1.6.x prior to 1.6.4 allows remote malicious users to inject arbitrary web script or HTML via the TinyMCE editor.
Mahara Mahara
6.5
CVSSv3
CVE-2017-1000141
An issue exists in Mahara prior to 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their passw...
Mahara Mahara
6.1
CVSSv3
CVE-2018-6182
Mahara 16.10 prior to 16.10.9 and 17.04 prior to 17.04.7 and 17.10 prior to 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE's code stripping alone but also clean input on the server / PHP side as one...
Mahara Mahara
5.4
CVSSv3
CVE-2017-17454
Mahara 16.10 prior to 16.10.7 and 17.04 prior to 17.04.5 and 17.10 prior to 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters...
Mahara Mahara
5.9
CVSSv3
CVE-2017-17455
Mahara 16.10 prior to 16.10.7, 17.04 prior to 17.04.5, and 17.10 prior to 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present.
Mahara Mahara
4.9
CVSSv3
CVE-2019-9708
An issue exists in Mahara 17.10 prior to 17.10.8, 18.04 prior to 18.04.4, and 18.10 prior to 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system.
Mahara Mahara
5.4
CVSSv3
CVE-2019-9709
An issue exists in Mahara 17.10 prior to 17.10.8, 18.04 prior to 18.04.4, and 18.10 prior to 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned ...
Mahara Mahara
4.3
CVSSv3
CVE-2020-9386
In Mahara 18.10 prior to 18.10.5, 19.04 prior to 19.04.4, and 19.10 prior to 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
Mahara Mahara
6.5
CVSSv3
CVE-2020-9282
In Mahara 18.10 prior to 18.10.5, 19.04 prior to 19.04.4, and 19.10 prior to 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios.
Mahara Mahara