Vulmon
mahara vulnerabilities and exploits
3.3
CVSSv3
CVE-2021-43264
In Mahara prior to 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows malicious users to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character.
Mahara Mahara
5.4
CVSSv3
CVE-2021-43265
In Mahara prior to 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element.
Mahara Mahara
7.3
CVSSv3
CVE-2021-43266
In Mahara prior to 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additionally, in Mahara prior to 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cau...
Mahara Mahara
5.4
CVSSv3
CVE-2020-23052
Catalyst IT Ltd Mahara CMS v19.10.2 contains multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.
Catalyst Mahara 19.10.2
6.5
CVSSv3
CVE-2021-29349
Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote malicious user to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_d...
Mahara Mahara 20.10
1 Github repository
6.1
CVSSv3
CVE-2020-15907
In Mahara 19.04 prior to 19.04.6, 19.10 prior to 19.10.4, and 20.04 prior to 20.04.1, certain places could execute file or folder names containing JavaScript.
Mahara Mahara
1 Github repository
4.3
CVSSv3
CVE-2020-9387
In Mahara 19.04 prior to 19.04.5 and 19.10 prior to 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.
Mahara Mahara
Mahara Mahara 20.04
4.3
CVSSv3
CVE-2020-9386
In Mahara 18.10 prior to 18.10.5, 19.04 prior to 19.04.4, and 19.10 prior to 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
Mahara Mahara
6.5
CVSSv3
CVE-2020-9282
In Mahara 18.10 prior to 18.10.5, 19.04 prior to 19.04.4, and 19.10 prior to 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios.
Mahara Mahara
9.6
CVSSv3
CVE-2011-3642
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 up to and including 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote malicious users to inject arbitrary web script or HTML via the plugin configuration directive in a refere...
Flowplayer Flowplayer Flash
1 EDB exploit