Mahara vulnerabilities and exploits
6.1
CVSSv3
CVE-2018-6182
Mahara 16.10 prior to 16.10.9 and 17.04 prior to 17.04.7 and 17.10 prior to 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE's code stripping alone but also clean input on the server / PHP side as one...
Mahara Mahara
7.3
CVSSv3
CVE-2021-43266
In Mahara prior to 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additionally, in Mahara prior to 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cau...
Mahara Mahara
4.9
CVSSv3
CVE-2019-9708
An issue exists in Mahara 17.10 prior to 17.10.8, 18.04 prior to 18.04.4, and 18.10 prior to 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system.
Mahara Mahara
5.4
CVSSv3
CVE-2019-9709
An issue exists in Mahara 17.10 prior to 17.10.8, 18.04 prior to 18.04.4, and 18.10 prior to 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned ...
Mahara Mahara
6.1
CVSSv3
CVE-2013-1426
Cross-site Scripting (XSS) in Mahara prior to 1.5.9 and 1.6.x prior to 1.6.4 allows remote malicious users to inject arbitrary web script or HTML via the TinyMCE editor.
Mahara Mahara
6.5
CVSSv3
CVE-2017-1000141
An issue exists in Mahara prior to 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their passw...
Mahara Mahara
6.1
CVSSv3
CVE-2020-15907
In Mahara 19.04 prior to 19.04.6, 19.10 prior to 19.10.4, and 20.04 prior to 20.04.1, certain places could execute file or folder names containing JavaScript.
Mahara Mahara
1 Github repository
5.4
CVSSv3
CVE-2017-17454
Mahara 16.10 prior to 16.10.7 and 17.04 prior to 17.04.5 and 17.10 prior to 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters...
Mahara Mahara
5.9
CVSSv3
CVE-2017-17455
Mahara 16.10 prior to 16.10.7, 17.04 prior to 17.04.5, and 17.10 prior to 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present.
Mahara Mahara
6.5
CVSSv3
CVE-2020-9282
In Mahara 18.10 prior to 18.10.5, 19.04 prior to 19.04.4, and 19.10 prior to 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios.
Mahara Mahara