) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:mahara:mahara:1.4.0:alpha1:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2011-2774 |
The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter. Published: November 14, 2011; 10:57:56 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
| CVE-2011-2773 |
Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution. Published: November 14, 2011; 10:57:56 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2011-2772 |
The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image. Published: November 14, 2011; 10:57:56 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2011-2771 |
Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed. Published: November 14, 2011; 10:57:55 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |