Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mahara vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-15907
In Mahara 19.04 prior to 19.04.6, 19.10 prior to 19.10.4, and 20.04 prior to 20.04.1, certain places could execute file or folder names containing JavaScript.
Mahara Mahara
1 Github repository
312
VMScore
CVE-2019-9709
An issue exists in Mahara 17.10 prior to 17.10.8, 18.04 prior to 18.04.4, and 18.10 prior to 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned ...
Mahara Mahara
570
VMScore
CVE-2017-1000141
An issue exists in Mahara prior to 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their passw...
Mahara Mahara
383
VMScore
CVE-2013-1426
Cross-site Scripting (XSS) in Mahara prior to 1.5.9 and 1.6.x prior to 1.6.4 allows remote malicious users to inject arbitrary web script or HTML via the TinyMCE editor.
Mahara Mahara
356
VMScore
CVE-2020-9386
In Mahara 18.10 prior to 18.10.5, 19.04 prior to 19.04.4, and 19.10 prior to 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
Mahara Mahara
383
VMScore
CVE-2018-6182
Mahara 16.10 prior to 16.10.9 and 17.04 prior to 17.04.7 and 17.10 prior to 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE's code stripping alone but also clean input on the server / PHP side as one...
Mahara Mahara
356
VMScore
CVE-2020-9282
In Mahara 18.10 prior to 18.10.5, 19.04 prior to 19.04.4, and 19.10 prior to 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios.
Mahara Mahara
187
VMScore
CVE-2021-43264
In Mahara prior to 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows malicious users to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character.
Mahara Mahara
312
VMScore
CVE-2021-43265
In Mahara prior to 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element.
Mahara Mahara
383
VMScore
CVE-2008-0381
Unspecified vulnerability in Mahara prior to 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files.
Mahara Mahara
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »