U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:mahara:mahara:15.04:rc2
There are 30 matching records.
Displaying matches 21 through 30.
Vuln ID Summary CVSS Severity
CVE-2017-1000136

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.

Published: November 03, 2017; 2:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-1000135

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.

Published: November 03, 2017; 2:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2017-1000134

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.

Published: November 03, 2017; 2:29:00 PM -0400
V3.0: 8.1 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-1000133

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages.

Published: November 03, 2017; 2:29:00 PM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-1000132

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file.

Published: November 03, 2017; 2:29:00 PM -0400
V3.0: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2017-1000131

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.

Published: November 03, 2017; 2:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2017-15273

Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.

Published: October 31, 2017; 2:29:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-14752

Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.

Published: October 31, 2017; 2:29:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-14163

An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the 'mahara' cookie to the old value, they can get access to the user's account.

Published: October 31, 2017; 2:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2017-9551

Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account.

Published: September 25, 2017; 12:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM