| Max CVSS | 5.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-4431 | 5.5 |
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request.
|
19-05-2014 - 18:43 | 19-05-2014 - 14:55 | |
| CVE-2013-4430 | 4.3 |
Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php.
|
19-05-2014 - 18:42 | 19-05-2014 - 14:55 | |
| CVE-2013-4429 | 4.0 |
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal o
|
19-05-2014 - 18:40 | 19-05-2014 - 14:55 | |
| CVE-2013-4432 | 4.0 |
Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were rem
|
19-05-2014 - 18:40 | 19-05-2014 - 14:55 |