Vulnerabilities related to Mahara - Mahara
Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).
Impacted products
Vendor Product Version
mahara mahara 1.10 (rc1)
mahara mahara 15.04 (rc1)
mahara mahara 15.04 (rc2)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop)."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.10 anteriores a la 1.10.0 y versiones 15.04 anteriores a la 15.04.0, es vulnerable a un posible Cross-Site Scripting (XSS) cuando se a\u00f1ade un bloque de texto a una p\u00e1gina utilizando el teclado (en lugar de arrastrando y soltando)."
    }
  ],
  "id": "CVE-2017-1000137",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.417",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1375092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1375092"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-07-06 17:17
Modified
2025-04-11 00:51
Severity ?
Summary
Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor Product Version
mahara mahara * (up to and including 1.0.14)
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
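mahara mahara 1.0.9 (this CPE entry is flagged "vulnerable": false in the record below, although the wildcard range through 1.0.14 covers it)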
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.1.0
mahara mahara 1.1.0 (alpha1)
mahara mahara 1.1.0 (alpha2)
mahara mahara 1.1.0 (alpha3)
mahara mahara 1.1.0 (beta1)
mahara mahara 1.1.0 (beta2)
mahara mahara 1.1.0 (beta3)
mahara mahara 1.1.0 (beta4)
mahara mahara 1.1.0 (rc1)
mahara mahara 1.1.0 (rc2)
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.2.0
mahara mahara 1.2.0 (alpha1)
mahara mahara 1.2.0 (alpha2)
mahara mahara 1.2.0 (alpha3)
mahara mahara 1.2.0 (beta1)
mahara mahara 1.2.0 (beta2)
mahara mahara 1.2.0 (beta3)
mahara mahara 1.2.0 (beta4)
mahara mahara 1.2.0 (rc1)
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D849F41F-0841-43A9-8CDC-73CBFE844CFE",
              "versionEndIncluding": "1.0.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Mahara anterior v1.0.15, v1.1.x anterior v1.1.9, y v1.2.x anterior v1.2.5 posee opciones de configuraci\u00f3n inadecuadas para plugins de autenticaci\u00f3n asociados con identificaciones que usa la funcionalidad single sign-on (SSO), permitiendo a atacantes remotos superar la autenticaci\u00f3n a trav\u00e9s de una password vac\u00eda. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2010-1670",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-07-06T17:17:14.687",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40431"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/41319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/41319"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.
References
cve@mitre.org: https://bugs.launchpad.net/mahara/+bug/1570221 (Issue Tracking, Patch, Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://bugs.launchpad.net/mahara/+bug/1570221 (Issue Tracking, Patch, Third Party Advisory)
Impacted products
Vendor Product Version
mahara mahara 15.04 (rc1)
mahara mahara 15.04 (rc2)
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.04.7
mahara mahara 15.04.8
mahara mahara 16.04 (rc1)
mahara mahara 16.04 (rc2)
mahara mahara 16.04.0
mahara mahara 16.04.1
mahara mahara 16.04.2
mahara mahara 15.10.0
mahara mahara 15.10.1
mahara mahara 15.10.2
mahara mahara 15.10.3
mahara mahara 15.10.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2D2EDD-0072-45A5-9FF6-BF4616109DE6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A96D5-CF12-470B-8ADE-183F09D57262",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEC8639-ECF7-4479-B88E-EA3C3D7F6A0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B04E216C-E51E-44FE-85F0-23C0F1EA9928",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 15.04 anteriores a la 15.04.9, versiones 15.10 anteriores a la 15.10.5 y versiones 16.04 anteriores a la 16.04.3, es vulnerable a que se pasen contrase\u00f1as u otra informaci\u00f3n sensible por par\u00e1metros inusuales para que terminen en un registro de error."
    }
  ],
  "id": "CVE-2017-1000151",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.933",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1570221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1570221"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages.
References
cve@mitre.org: https://bugs.launchpad.net/mahara/+bug/1234615 (Issue Tracking, Patch, Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108: https://bugs.launchpad.net/mahara/+bug/1234615 (Issue Tracking, Patch, Third Party Advisory)
Impacted products
Vendor Product Version
mahara mahara 15.04 (rc1)
mahara mahara 15.04 (rc2)
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.04.7
mahara mahara 16.04 (rc1)
mahara mahara 16.04 (rc2)
mahara mahara 16.04.0
mahara mahara 16.04.1
mahara mahara 15.10.0
mahara mahara 15.10.1
mahara mahara 15.10.2
mahara mahara 15.10.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEC8639-ECF7-4479-B88E-EA3C3D7F6A0A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 allow a user, in some circumstances, to cause another user\u0027s artefacts to be included in a Leap2a export of their own pages."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 15.04 anteriores a la 15.04.8, versiones 15.10 anteriores a la 15.10.4 y versiones 16.04 anteriores a la 16.04.2, es vulnerable a que, en algunas circunstancias, un usuario provoque que se incluyan los artefactos de otro usuario en una exportaci\u00f3n Leap2a de sus propias p\u00e1ginas."
    }
  ],
  "id": "CVE-2017-1000133",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.277",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1234615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1234615"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.
References
cve@mitre.org https://bugs.launchpad.net/mahara/+bug/1460368 Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.launchpad.net/mahara/+bug/1460368 Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 1.9
mahara mahara 1.9.0
mahara mahara 1.9.1
mahara mahara 1.9.2
mahara mahara 1.9.3
mahara mahara 1.9.4
mahara mahara 1.9.5
mahara mahara 1.9.6
mahara mahara 1.10
mahara mahara 1.10.0
mahara mahara 1.10.1
mahara mahara 1.10.2
mahara mahara 1.10.3
mahara mahara 1.10.4
mahara mahara 15.04
mahara mahara 15.04
mahara mahara 15.04.0
mahara mahara 15.04.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3852023-B803-418C-BA1D-9545C9FDC44B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8531F69-D7E5-403D-877C-6360C87F9C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C68FBF-5176-4FE9-BAEF-43AE316F4B00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23092107-1709-43B2-AC94-3A53474CBEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5925E46-8A92-4A67-A8F6-7DF05C34BB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A2AF4C-CF93-458D-9FBF-B89BF5425BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBAB23C-F0F7-4267-8803-9B8ED17145B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.9 anteriores a la 1.9.7, versiones 1.10 anteriores a la 1.10.5 y versiones 15.04 anteriores a la 15.04.2, es vulnerable a que se puedan incluir comentarios an\u00f3nimos en p\u00e1ginas de detalles de artefactos, incluso cuando el administrador del sitio no permite comentarios an\u00f3nimos."
    }
  ],
  "id": "CVE-2017-1000145",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.713",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1460368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1460368"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-08-25 14:15
Modified
2025-09-05 17:04
Summary
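An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in person. [Note: the CPE match data in this record bounds the 24.04 branch with "versionEndIncluding": "24.04.2", which marks 24.04.2 itself as affected, while this description says 24.04 "before 24.04.2"; the 23.04 branch uses "versionEndExcluding". Confirm the fixed version against the vendor advisory when matching installed versions.]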
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97ECBE31-D669-4EB6-80D5-42F82E398ACF",
              "versionEndExcluding": "23.04.7",
              "versionStartIncluding": "23.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04DD618-F6AF-45DB-8291-6500251D6C96",
              "versionEndIncluding": "24.04.2",
              "versionStartIncluding": "24.04.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in person."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Mahara 24.04 (antes de la versi\u00f3n 24.04.2) y 23.04 (antes de la versi\u00f3n 23.04.7). Los enlaces de pie de p\u00e1gina \"About\", \"Contact\" y \"Help\" pueden configurarse para ser vulnerables a ataques de Cross Site Scripting (XSS) debido a la falta de depuraci\u00f3n de los valores. Estos enlaces solo pueden ser configurados por un administrador, pero cualquier persona que haya iniciado sesi\u00f3n puede hacer clic en ellos."
    }
  ],
  "id": "CVE-2024-39923",
  "lastModified": "2025-09-05T17:04:45.083",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-25T14:15:29.937",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9546"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/view.php?id=43"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-08-22 19:15
Modified
2025-09-08 16:33
Severity ?
Summary
Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user input unsafely during skin import. A particularly structured XML file could cause code execution when being processed.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A77837C-B28C-4AB9-8237-4BFD37CFEAE6",
              "versionEndExcluding": "21.10.6",
              "versionStartIncluding": "21.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5E92481-0669-40B6-B204-B6B4346EE473",
              "versionEndExcluding": "22.04.4",
              "versionStartIncluding": "22.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4A86D29-05F0-4808-B307-F0DEECA32E93",
              "versionEndExcluding": "22.10.1",
              "versionStartIncluding": "22.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user input unsafely during skin import. A particularly structured XML file could cause code execution when being processed."
    },
    {
      "lang": "es",
      "value": "Mahara 21.10 (anterior a 21.10.6), 22.04 (anterior a 22.04.4) y 22.10 (anterior a 22.10.1) deserializa la entrada del usuario de forma insegura durante la importaci\u00f3n de la apariencia. Un archivo XML con una estructura particular podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo durante su procesamiento."
    }
  ],
  "id": "CVE-2022-45134",
  "lastModified": "2025-09-08T16:33:05.117",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-22T19:15:37.997",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1993082"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9353"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-11-24 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script. NOTE: this can be leveraged with CVE-2012-2244 to execute arbitrary code without authentication, as demonstrated by modifying the clamav path.
Impacted products
Vendor Product Version
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4.0
mahara mahara 1.4.1
mahara mahara 1.4.2
mahara mahara 1.4.3
mahara mahara 1.4.4
mahara mahara 1.5
mahara mahara 1.5
mahara mahara 1.5.0
mahara mahara 1.5.1
mahara mahara 1.5.2
mahara mahara 1.5.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E564972A-F44F-4935-BE50-8CB8A3F6483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A782949D-9F8D-4852-AA20-5E866C895CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E05D9E1E-E2EE-43C4-993A-F140B83493AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF97D77B-B448-407C-A545-F939C1C75B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A1DE181-B75C-49B1-AA87-0F0BA090E23B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script.  NOTE: this can be leveraged with CVE-2012-2244 to execute arbitrary code without authentication, as demonstrated by modifying the clamav path."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Mahara v1.4.x anterior a v1.4.5 y v1.5.x anterior a v1.5.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante la subida de un fichero XML con la extensi\u00f3n xhtml. NOTA: esto puede ser aprovechado con CVE-2012-2244 para ejecutar c\u00f3digo arbitarrio sin autenticaci\u00f3n, como se demostr\u00f3 modificando la ruta de clamav."
    }
  ],
  "id": "CVE-2012-2243",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-11-24T20:55:02.150",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "security@debian.org",
      "url": "https://bugs.launchpad.net/mahara/+bug/1055232"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/mahara/+bug/1055232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4937"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-09-25 16:29
Modified
2025-04-20 01:37
Summary
Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting a potentially dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the user and administrator and if accepted become part of the new user's account.
Impacted products
Vendor Product Version
mahara mahara 15.04
mahara mahara 15.04
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.04.7
mahara mahara 15.04.8
mahara mahara 15.04.9
mahara mahara 15.04.10
mahara mahara 15.04.11
mahara mahara 15.04.12
mahara mahara 15.04.13
mahara mahara 16.04
mahara mahara 16.04
mahara mahara 16.04.0
mahara mahara 16.04.1
mahara mahara 16.04.2
mahara mahara 16.04.3
mahara mahara 16.04.4
mahara mahara 16.04.5
mahara mahara 16.04.6
mahara mahara 16.04.7
mahara mahara 16.10
mahara mahara 16.10
mahara mahara 16.10.0
mahara mahara 16.10.1
mahara mahara 16.10.2
mahara mahara 16.10.3
mahara mahara 16.10.4
mahara mahara 17.04
mahara mahara 17.04
mahara mahara 17.04.0
mahara mahara 17.04.1
mahara mahara 17.04.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2D2EDD-0072-45A5-9FF6-BF4616109DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ECDD170-7B22-4F4E-AF8C-BF7698A92FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5FF82A5-DF51-4719-9940-85A0E4AF4626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3605A76D-1C09-4998-B387-FE7BED77B2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0D2C52-AFA4-4C35-8D8A-76AB94292E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB396B0-459E-4C15-9813-980F35C4C44D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A96D5-CF12-470B-8ADE-183F09D57262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "76D70CE2-AEA2-47B0-83D6-3F8A6E949D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9BD9F88-E643-4CF5-A426-82B2D6133F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F2D3A9-81B1-42E3-AF72-FBA985C48650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D050E953-88B1-40F7-98A8-B6A026292B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "12CDBF96-CFA2-4941-A9D9-C618A2A1D08D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0C590A8C-43CB-4B22-9F33-FD8BB01DCF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1F4DF3D9-A46D-4933-84FB-8179651C5B3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D642FA0-D977-4157-B379-3BBA86D80D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D2BD22-57F7-4594-AE5F-426AA1D74BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5712D88-9218-4E7D-977C-07755D1B0D8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA26090-2ED4-453D-85AA-46ED4E00DFE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29F2B552-479F-4EEA-858B-2920E14BF5C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0E4968B1-0D09-4449-B2A8-22B8C4B4346D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68A1A68E-704F-49C9-B07A-23C1B69A0966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F30A3C-0BAA-45F8-A1D2-3FD8D381A1FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "262C2C07-CFDB-42A0-8896-758F1FF5BE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "265120A4-CD21-425B-9272-06EB68654A80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting a potentially dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the user and administrator and, if accepted, become part of the new user\u0027s account."
    },
    {
      "lang": "es",
      "value": "Mahara en versiones 15.04 anteriores a la 15.04.14, 16.04 anteriores a la 16.04.8, 16.10 anteriores a la 16.10.5, 17.04 anteriores a la 17.04.3 es vulnerable a que un usuario env\u00ede una carga \u00fatil potencialmente peligrosa, como por ejemplo un c\u00f3digo XSS, que se vaya a guardar como su nombre en la tabla usr_registration. Los valores se env\u00edan por correo electr\u00f3nico a continuaci\u00f3n al usuario y administrador y, si se aceptan, formar\u00edan parte de la nueva cuenta de usuario."
    }
  ],
  "id": "CVE-2017-9551",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-25T16:29:00.507",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1697308"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1697308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8040"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-06-23 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
Impacted products
Vendor Product Version
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.1
mahara mahara 1.1.0
mahara mahara 1.1.0 (alpha1)
mahara mahara 1.1.0 (alpha2)
mahara mahara 1.1.0 (alpha3)
mahara mahara 1.1.0 (beta1)
mahara mahara 1.1.0 (beta2)
mahara mahara 1.1.0 (beta3)
mahara mahara 1.1.0 (beta4)
mahara mahara 1.1.0 (rc1)
mahara mahara 1.1.0 (rc2)
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "199ABBC1-BBAC-41BA-B70F-7B95C99D9B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en Mahara v1.0 antes de v1.0.12 y v1.1 antes de v1.1.5 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2009-2170",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-23T16:30:00.187",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=752"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on.
References
cve@mitre.org https://bugs.launchpad.net/mahara/+bug/1692749 Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.launchpad.net/mahara/+bug/1692749 Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 15.04 (rc1)
mahara mahara 15.04 (rc2)
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.04.7
mahara mahara 15.04.8
mahara mahara 15.04.9
mahara mahara 15.04.10
mahara mahara 15.04.11
mahara mahara 15.04.12
mahara mahara 16.04 (rc1)
mahara mahara 16.04 (rc2)
mahara mahara 16.04.0
mahara mahara 16.04.1
mahara mahara 16.04.2
mahara mahara 16.04.3
mahara mahara 16.04.4
mahara mahara 16.04.5
mahara mahara 16.04.6
mahara mahara 16.10 (rc1)
mahara mahara 16.10 (rc2)
mahara mahara 16.10.0
mahara mahara 16.10.1
mahara mahara 16.10.2
mahara mahara 16.10.3
mahara mahara 17.04 (rc1)
mahara mahara 17.04 (rc2)
mahara mahara 17.04.0
mahara mahara 17.04.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2D2EDD-0072-45A5-9FF6-BF4616109DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ECDD170-7B22-4F4E-AF8C-BF7698A92FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5FF82A5-DF51-4719-9940-85A0E4AF4626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3605A76D-1C09-4998-B387-FE7BED77B2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0D2C52-AFA4-4C35-8D8A-76AB94292E4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A96D5-CF12-470B-8ADE-183F09D57262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "76D70CE2-AEA2-47B0-83D6-3F8A6E949D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9BD9F88-E643-4CF5-A426-82B2D6133F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F2D3A9-81B1-42E3-AF72-FBA985C48650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D050E953-88B1-40F7-98A8-B6A026292B2C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0C590A8C-43CB-4B22-9F33-FD8BB01DCF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1F4DF3D9-A46D-4933-84FB-8179651C5B3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D642FA0-D977-4157-B379-3BBA86D80D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D2BD22-57F7-4594-AE5F-426AA1D74BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5712D88-9218-4E7D-977C-07755D1B0D8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA26090-2ED4-453D-85AA-46ED4E00DFE4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0E4968B1-0D09-4449-B2A8-22B8C4B4346D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68A1A68E-704F-49C9-B07A-23C1B69A0966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F30A3C-0BAA-45F8-A1D2-3FD8D381A1FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "262C2C07-CFDB-42A0-8896-758F1FF5BE93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 15.04 anteriores a la 15.04.13, versiones 16.04 anteriores a la 16.04.7, versiones 16.10 anteriores a la 16.10.4 y versiones 17.04 anteriores a la 17.04.2 es vulnerable a que se guarden contrase\u00f1as en texto plano en la tabla event_log durante el proceso de creaci\u00f3n de un usuario, si el registro de eventos completo estaba activado."
    }
  ],
  "id": "CVE-2017-1000157",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:01.167",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1692749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1692749"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-11-15 03:57
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.0.14
mahara mahara 1.0.15
mahara mahara 1.1
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.1.9
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4
mahara mahara 1.2.5
mahara mahara 1.2.6
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.1
mahara mahara 1.3.2
mahara mahara 1.3.3
mahara mahara 1.3.4
mahara mahara 1.3.5
mahara mahara 1.3.6
mahara mahara 1.3.7
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EA11E8-5A54-4A4B-BB70-E8F2CE243169",
              "versionEndIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6E53AF-528E-4FCA-9A14-762015D39D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04D0414-78B8-4110-A05D-E3D42C46607C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "199ABBC1-BBAC-41BA-B70F-7B95C99D9B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DDF54D-8919-45F2-8B23-B5B1AD2FEE85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A0B2A1-A3AB-4EFC-BE3D-57D38B315107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "016E86B6-B450-499B-852C-A68803127936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41ED313-9CB3-4BBB-9FAF-737FFE7CBD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262773C-58A6-4706-B5A2-5C60EC798A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9525B6E-A870-499E-9E73-FEBB3880ADC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF82733-11FD-41CB-9D5C-A81D891AD57D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BC3515E-0923-40D8-A026-833DCAE47648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17F7E30-71E4-41FC-883C-9E5DBF659A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Mahara anterior a v1.4.1 permite a atacantes remotos inyectar c\u00f3digo web script o HTML a trav\u00e9s de vectores relacionado con (1) atributos URI y (2) el componente External Feed, como se demostr\u00f3 por el elemento \"guid\" en un RSS."
    }
  ],
  "id": "CVE-2011-2771",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-11-15T03:57:55.987",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46719"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2334"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/798136"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.4.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/798136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.4.1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-11-24 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the (1) bulk user, (2) group, and (3) group member upload capabilities. NOTE: this issue was originally part of CVE-2012-2243, but that ID was SPLIT due to different issues by different researchers.
Impacted products
Vendor Product Version
mahara mahara 1.4 (rc1)
mahara mahara 1.4 (rc2)
mahara mahara 1.4 (rc3)
mahara mahara 1.4 (rc4)
mahara mahara 1.4.0
mahara mahara 1.4.1
mahara mahara 1.4.2
mahara mahara 1.4.3
mahara mahara 1.4.4
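mahara mahara 1.5 (rc1)
mahara mahara 1.5 (rc2)
mahara mahara 1.5.0
mahara mahara 1.5.1
mahara mahara 1.5.2
mahara mahara 1.5.3
Note: the summary also names 1.2 among the affected versions, but the record below carries no CPE entry for any 1.2 release, so matching on this CPE list alone will not flag 1.2.x installations.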



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E564972A-F44F-4935-BE50-8CB8A3F6483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A782949D-9F8D-4852-AA20-5E866C895CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E05D9E1E-E2EE-43C4-993A-F140B83493AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF97D77B-B448-407C-A545-F939C1C75B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A1DE181-B75C-49B1-AA87-0F0BA090E23B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with \"unknown fields,\" which are not properly handled in error messages in the (1) bulk user, (2) group, and (3) group member upload capabilities.  NOTE: this issue was originally part of CVE-2012-2243, but that ID was SPLIT due to different issues by different researchers."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Mahara v1.4.x anterior a v1.4.5 y v1.5.x anterior a v1.5.4, y otras versiones incluida la v1.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de una cabecera CSV con \"unknown fields,\" el cual no es correctamente manejado en mensajes de error en las propiedades de (1) user, (2) grupo y (3) miembro de grupo. NOTA: esta vulnerabilidad fue en un principio parte del CVE-2012-2243, pero dicho ID fue dividido debido a diferentes asuntos con diferentes investigadores."
    }
  ],
  "id": "CVE-2012-6037",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-11-24T20:55:04.367",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/mahara/+bug/1063480"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/mahara/+bug/1063480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4937"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.
References
cve@mitre.org https://bugs.launchpad.net/mahara/+bug/1377736 Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.launchpad.net/mahara/+bug/1377736 Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 1.10 (rc1)
mahara mahara 15.04 (rc1)
mahara mahara 15.04 (rc2)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.10 anteriores a la 1.10.0 y versiones 15.04 anteriores a la 15.04.0, es vulnerable a un posible Cross-Site Scripting (XSS) cuando se arrastran/sueltan archivos a una colecci\u00f3n si el archivo tiene c\u00f3digo JavaScript en el t\u00edtulo."
    }
  ],
  "id": "CVE-2017-1000138",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.450",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1377736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1377736"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-06-01 19:29
Modified
2024-11-21 03:42
Summary
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials.
Impacted products
Vendor Product Version
mahara mahara * (from 17.04.0 up to, but not including, 17.04.8)
mahara mahara * (from 17.10.0 up to, but not including, 17.10.5)
mahara mahara 18.04.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AB0DD3-CCBA-4C94-837E-6E2B4635E8A9",
              "versionEndExcluding": "17.04.8",
              "versionStartIncluding": "17.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87104E12-A6F3-4762-A518-F81C906DA755",
              "versionEndExcluding": "17.10.5",
              "versionStartIncluding": "17.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:18.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BB0028-28D9-4F5C-B46A-B5BEFA50149E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser \"back and refresh\" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 17.04 anteriores a la 17.04.8, versiones 17.10 anteriores a la 17.10.5 y versiones 18.04 anteriores a la 18.04.1 es vulnerable a un ataque \"back and refresh\" del navegador. Esto permite que usuarios maliciosos con acceso f\u00edsico al navegador web de un usuario de Mahara, una vez haya iniciado sesi\u00f3n, puedan obtener acceso a sus credenciales de Mahara."
    }
  ],
  "id": "CVE-2018-11195",
  "lastModified": "2024-11-21T03:42:52.437",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-01T19:29:00.223",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1770561"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1770561"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8269"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-11-06 17:15
Modified
2025-05-02 19:15
Summary
In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.
Impacted products
Vendor Product Version
mahara mahara * (from 21.04.0, before 21.04.7)
mahara mahara * (from 21.10.0, before 21.10.5)
mahara mahara * (from 22.04.0, before 22.04.3)
mahara mahara 22.10.0 (rc1)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29BF62C0-9CEF-4EBF-B635-67F416C2F692",
              "versionEndExcluding": "21.04.7",
              "versionStartIncluding": "21.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4113D84F-96F1-4185-BD2A-65F4B444BFD1",
              "versionEndExcluding": "21.10.5",
              "versionStartIncluding": "21.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC3CBE95-58A0-407F-805F-5FA142197EA5",
              "versionEndExcluding": "22.04.3",
              "versionStartIncluding": "22.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:22.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "382558E9-D245-4AA5-ABE8-3CBDEA139099",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions."
    },
    {
      "lang": "es",
      "value": "En Mahara 21.04 antes del 21.04.7, 21.10 antes del 21.10.5, 22.04 antes del 22.04.3 y 22.10 antes del 22.10.0, se puede acceder a las im\u00e1genes incrustadas sin una verificaci\u00f3n de permiso suficiente bajo ciertas condiciones."
    }
  ],
  "id": "CVE-2022-42707",
  "lastModified": "2025-05-02T19:15:54.213",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-11-06T17:15:10.053",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1991157"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1991157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9199"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control: after the password reset link is sent via email and the user then changes their default email, Mahara fails to invalidate the old link. Consequently, the link in the email can be used to gain access to the user's account.
References
cve@mitre.org | https://bugs.launchpad.net/mahara/+bug/1577251 | Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mahara/+bug/1577251 | Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 15.04 (rc1)
mahara mahara 15.04 (rc2)
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.04.7
mahara mahara 15.04.8
mahara mahara 15.04.9
mahara mahara 16.04 (rc1)
mahara mahara 16.04 (rc2)
mahara mahara 16.04.0
mahara mahara 16.04.1
mahara mahara 16.04.2
mahara mahara 16.04.3
mahara mahara 15.10.0
mahara mahara 15.10.1
mahara mahara 15.10.2
mahara mahara 15.10.3
mahara mahara 15.10.4
mahara mahara 15.10.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2D2EDD-0072-45A5-9FF6-BF4616109DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ECDD170-7B22-4F4E-AF8C-BF7698A92FBA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A96D5-CF12-470B-8ADE-183F09D57262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "76D70CE2-AEA2-47B0-83D6-3F8A6E949D7A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEC8639-ECF7-4479-B88E-EA3C3D7F6A0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B04E216C-E51E-44FE-85F0-23C0F1EA9928",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB9ABF0-E574-4694-A78A-4131D128D895",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user\u0027s account."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 15.04 anteriores a la 15.04.10, versiones 15.10 anteriores a la 15.10.6 y versiones 16.04 anteriores a la 16.04.4, es vulnerable a un control de acceso incorrecto debido a que, despu\u00e9s de que se env\u00ede el enlace de restauraci\u00f3n de contrase\u00f1a por correo y el usuario modifique su correo por defecto, Mahara no invalida correctamente el enlace antiguo. Como consecuencia, el enlace del correo se puede utilizar para conseguir acceso a la cuenta del usuario."
    }
  ],
  "id": "CVE-2017-1000153",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:01.027",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1577251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1577251"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-04-07 15:30
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username.
Impacted products
Vendor Product Version
mahara mahara 1.0.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en lib/user.php en mahara  v1.0.4, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del \"username\"."
    }
  ],
  "id": "CVE-2010-0400",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-04-07T15:30:00.360",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny5.diff.gz"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2010/dsa-2030"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/39253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny5.diff.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/39253"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.
References
cve@mitre.org | https://bugs.launchpad.net/mahara/+bug/1480329 | Exploit, Issue Tracking, Mitigation, Patch
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mahara/+bug/1480329 | Exploit, Issue Tracking, Mitigation, Patch
Impacted products
Vendor Product Version
mahara mahara 1.9 (rc1)
mahara mahara 1.9.0
mahara mahara 1.9.1
mahara mahara 1.9.2
mahara mahara 1.9.3
mahara mahara 1.9.4
mahara mahara 1.9.5
mahara mahara 1.9.6
mahara mahara 1.9.7
mahara mahara 1.10 (rc1)
mahara mahara 1.10.0
mahara mahara 1.10.1
mahara mahara 1.10.2
mahara mahara 1.10.3
mahara mahara 1.10.4
mahara mahara 1.10.5
mahara mahara 15.04 (rc1)
mahara mahara 15.04 (rc2)
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3852023-B803-418C-BA1D-9545C9FDC44B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8531F69-D7E5-403D-877C-6360C87F9C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C68FBF-5176-4FE9-BAEF-43AE316F4B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EE66FC6-5D7F-4B4F-BB55-1F9D4F29CC4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23092107-1709-43B2-AC94-3A53474CBEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5925E46-8A92-4A67-A8F6-7DF05C34BB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A2AF4C-CF93-458D-9FBF-B89BF5425BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBAB23C-F0F7-4267-8803-9B8ED17145B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A1F9F0-2585-4A7D-8C78-3E935CC78E67",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara\u0027s filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.9 anteriores a la 1.9.8, versiones 1.10 anteriores a la 1.10.6 y versiones 15.04 anteriores a la 15.04.3, es vulnerable a que se realicen ataques Cross-Site Request Forgery (CSRF) en la herramienta de subida incluida en el widget de b\u00fasqueda de archivos de Mahara. Esto podr\u00eda permitir que un atacante enga\u00f1e a un usuario de Mahara para que suba archivos maliciosos a su cuenta de Mahara sin saberlo."
    }
  ],
  "id": "CVE-2017-1000147",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.793",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Mitigation",
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1480329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Mitigation",
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1480329"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-05-13 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys.
Impacted products
Vendor Product Version
mahara mahara * (up to and including 1.3.5)
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.0.14
mahara mahara 1.0.15
mahara mahara 1.1
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.1.9
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4
mahara mahara 1.2.5
mahara mahara 1.2.6
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.1
mahara mahara 1.3.2
mahara mahara 1.3.3
mahara mahara 1.3.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85C01C26-7C43-4778-BFA1-05745155A2BC",
              "versionEndIncluding": "1.3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6E53AF-528E-4FCA-9A14-762015D39D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04D0414-78B8-4110-A05D-E3D42C46607C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "199ABBC1-BBAC-41BA-B70F-7B95C99D9B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DDF54D-8919-45F2-8B23-B5B1AD2FEE85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A0B2A1-A3AB-4EFC-BE3D-57D38B315107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "016E86B6-B450-499B-852C-A68803127936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41ED313-9CB3-4BBB-9FAF-737FFE7CBD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262773C-58A6-4706-B5A2-5C60EC798A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9525B6E-A870-499E-9E73-FEBB3880ADC1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la implementaci\u00f3n de los pieforms en Mahara anteriores a v1.3.6, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para peticiones a cualquier formulario, relacionados con una regeneraci\u00f3n no apropiada de las claves de sesi\u00f3n.\r\n"
    }
  ],
  "id": "CVE-2011-1403",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-05-13T22:55:01.753",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44433"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2246"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/47798"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67398"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/771598"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.3.6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/771598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.3.6"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-31 18:29
Modified
2025-04-20 01:37
Summary
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potentially dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.
References
cve@mitre.org | https://bugs.launchpad.net/mahara/+bug/1719491 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mahara/+bug/1719491 | Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 15.04
mahara mahara 15.04
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.04.7
mahara mahara 15.04.8
mahara mahara 15.04.9
mahara mahara 15.04.10
mahara mahara 15.04.11
mahara mahara 15.04.12
mahara mahara 15.04.13
mahara mahara 15.04.14
mahara mahara 16.04
mahara mahara 16.04
mahara mahara 16.04.0
mahara mahara 16.04.1
mahara mahara 16.04.2
mahara mahara 16.04.3
mahara mahara 16.04.4
mahara mahara 16.04.5
mahara mahara 16.04.6
mahara mahara 16.04.7
mahara mahara 16.04.8
mahara mahara 16.10
mahara mahara 16.10
mahara mahara 16.10.0
mahara mahara 16.10.1
mahara mahara 16.10.2
mahara mahara 16.10.3
mahara mahara 16.10.4
mahara mahara 16.10.5
mahara mahara 17.04
mahara mahara 17.04
mahara mahara 17.04.0
mahara mahara 17.04.1
mahara mahara 17.04.2
mahara mahara 17.04.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2D2EDD-0072-45A5-9FF6-BF4616109DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ECDD170-7B22-4F4E-AF8C-BF7698A92FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5FF82A5-DF51-4719-9940-85A0E4AF4626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3605A76D-1C09-4998-B387-FE7BED77B2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0D2C52-AFA4-4C35-8D8A-76AB94292E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB396B0-459E-4C15-9813-980F35C4C44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F451AFC9-F666-4DB9-A72C-3A9B525F6C75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A96D5-CF12-470B-8ADE-183F09D57262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "76D70CE2-AEA2-47B0-83D6-3F8A6E949D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9BD9F88-E643-4CF5-A426-82B2D6133F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F2D3A9-81B1-42E3-AF72-FBA985C48650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D050E953-88B1-40F7-98A8-B6A026292B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "12CDBF96-CFA2-4941-A9D9-C618A2A1D08D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5065A264-DB58-4A3F-984D-D3B45195F4B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0C590A8C-43CB-4B22-9F33-FD8BB01DCF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1F4DF3D9-A46D-4933-84FB-8179651C5B3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D642FA0-D977-4157-B379-3BBA86D80D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D2BD22-57F7-4594-AE5F-426AA1D74BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5712D88-9218-4E7D-977C-07755D1B0D8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA26090-2ED4-453D-85AA-46ED4E00DFE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29F2B552-479F-4EEA-858B-2920E14BF5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65F7A0FD-5C12-4A49-B5FE-E8C8C88C2496",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0E4968B1-0D09-4449-B2A8-22B8C4B4346D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68A1A68E-704F-49C9-B07A-23C1B69A0966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F30A3C-0BAA-45F8-A1D2-3FD8D381A1FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "262C2C07-CFDB-42A0-8896-758F1FF5BE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "265120A4-CD21-425B-9272-06EB68654A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEC2D1CB-72FA-445B-BDF2-88ED633B19D7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 15.04 anteriores a la 15.04.15, versiones 16.04 anteriores a la 16.04.9, versiones 16.10 anteriores a la 16.10.6 y versiones 17.04 anteriores a la 17.04.4, es vulnerable a que un usuario env\u00ede un payload potencialmente peligroso (por ejemplo, c\u00f3digo XSS) para que se guarde como su nombre, apellido o el nombre para mostrar en los campos de perfil. Esto puede dar lugar a problemas como el escalado de privilegios o a la ejecuci\u00f3n desconocida de c\u00f3digo malicioso cuando se responde a mensajes en Mahara."
    }
  ],
  "id": "CVE-2017-14752",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-31T18:29:00.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1719491"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1719491"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-11-24 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
Impacted products
Vendor Product Version
mahara mahara 1.5 rc1
mahara mahara 1.5 rc2
mahara mahara 1.5.0
mahara mahara 1.5.1
mahara mahara 1.5.2
mahara mahara 1.5.3
mahara mahara 1.5.4
mahara mahara 1.5.6
mahara mahara 1.6.0
mahara mahara 1.6.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7BDA1A-B58F-4B0C-ABE2-84090230E1C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AF4A4C-0DB7-442D-ABEE-04B8282D04BC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "248745EB-DC27-407F-8CB9-421578A07741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C56CD7F4-B89A-413A-9330-1218FDDEE03E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en group/members.php en Mahara v1.5.x anterior a v1.5.7 y v1.6.x anterior a v1.6.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro query"
    }
  ],
  "id": "CVE-2012-2253",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-11-24T20:55:02.353",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://secunia.com/advisories/51404"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "security@debian.org",
      "url": "https://bugs.launchpad.net/mahara/+bug/1079498"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=5076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/51404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/mahara/+bug/1079498"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=5076"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to maliciously created .swf files that can have their code executed when a user tries to download the file.
References
cve@mitre.org https://bugs.launchpad.net/mahara/+bug/1190788 Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.launchpad.net/mahara/+bug/1190788 Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 1.8 rc1
mahara mahara 1.8 rc2
mahara mahara 1.8.0
mahara mahara 1.8.1
mahara mahara 1.8.2
mahara mahara 1.8.3
mahara mahara 1.8.4
mahara mahara 1.8.5
mahara mahara 1.8.6
mahara mahara 1.9 rc1
mahara mahara 1.9.0
mahara mahara 1.9.1
mahara mahara 1.9.2
mahara mahara 1.9.3
mahara mahara 1.9.4
mahara mahara 1.10 rc1
mahara mahara 1.10.0
mahara mahara 1.10.1
mahara mahara 1.10.2
mahara mahara 15.04 rc1
mahara mahara 15.04 rc2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "46815EDD-C3F1-4B87-AC7F-9CCB9DDFF5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7A2E3A2C-80F5-477E-BAC3-8217A71A367B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "795681EE-1AE9-4451-9C65-7EDF39D8D92A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F877AEB-A0F7-48D6-9094-09F12709D6AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37164355-787F-43A0-A9BD-F4E56762940F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0EE103-8CDB-43CF-975F-A07762F0E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD8ADD1-C3AE-47DE-9FE2-48094ABDE3FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "871F1DFC-3977-4C6A-80AA-7E4131678215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE9C9686-29B7-4212-9BAD-E04FE0EB8B02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3852023-B803-418C-BA1D-9545C9FDC44B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23092107-1709-43B2-AC94-3A53474CBEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5925E46-8A92-4A67-A8F6-7DF05C34BB55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to maliciously created .swf files that can have their code executed when a user tries to download the file."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.8 anteriores a la 1.8.7, versiones 1.9 anteriores a la 1.9.5, versiones 1.10 anteriores a la 1.10.3 y versiones 15.04 anteriores a la 15.04.0, es vulnerable a que archivos .swf creados con fines maliciosos ejecuten su c\u00f3digo cuando un usuario intenta descargar el archivo."
    }
  ],
  "id": "CVE-2017-1000132",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.230",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1190788"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1190788"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-07-06 17:17
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Impacted products
Vendor Product Version
mahara mahara * (up to and including 1.0.14)
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.1.0
mahara mahara 1.1.0 alpha1
mahara mahara 1.1.0 alpha2
mahara mahara 1.1.0 alpha3
mahara mahara 1.1.0 beta1
mahara mahara 1.1.0 beta2
mahara mahara 1.1.0 beta3
mahara mahara 1.1.0 beta4
mahara mahara 1.1.0 rc1
mahara mahara 1.1.0 rc2
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.2.0
mahara mahara 1.2.0 alpha1
mahara mahara 1.2.0 alpha2
mahara mahara 1.2.0 alpha3
mahara mahara 1.2.0 beta1
mahara mahara 1.2.0 beta2
mahara mahara 1.2.0 beta3
mahara mahara 1.2.0 beta4
mahara mahara 1.2.0 rc1
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D849F41F-0841-43A9-8CDC-73CBFE844CFE",
              "versionEndIncluding": "1.0.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Mahara anterior v1.0.15, v1.1.x anterior v1.1.9, y 1.2.x anterior v1.2.5 permite a atacantes remotos secuestar la autenticaci\u00f3n de v\u00edctimas no especificadas a trav\u00e9s de vectores desconocidos. \r\n"
    }
  ],
  "id": "CVE-2010-1668",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-07-06T17:17:14.627",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40431"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/41319"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/41319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59994"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
References
cve@mitre.org https://bugs.launchpad.net/mahara/+bug/1508684 Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.launchpad.net/mahara/+bug/1508684 Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 15.04 rc1
mahara mahara 15.04 rc2
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.04.7
mahara mahara 16.04 rc1
mahara mahara 16.04 rc2
mahara mahara 16.04.0
mahara mahara 16.04.1
mahara mahara 15.10.0
mahara mahara 15.10.1
mahara mahara 15.10.2
mahara mahara 15.10.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEC8639-ECF7-4479-B88E-EA3C3D7F6A0A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP \"unserialize()\" function when importing a skin from an XML file."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 15.04 anteriores a la 15.04.8, versiones 15.10 anteriores a la 15.10.4 y versiones 16.04 anteriores a la 16.04.2, es vulnerable a la ejecuci\u00f3n de c\u00f3digo PHP, debido a que Mahara pasar\u00eda fragmentos del c\u00f3digo XML mediante la funci\u00f3n PHP \"unserialize()\" cuando se importa una m\u00e1scara desde un archivo XML."
    }
  ],
  "id": "CVE-2017-1000148",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.840",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1508684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1508684"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-09 20:29
Modified
2024-11-21 04:10
Summary
Mahara 16.10 before 16.10.9, 17.04 before 17.04.7, and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by hand-crafted POST requests. Mahara should therefore not rely on TinyMCE's code stripping alone but must also clean input on the server (PHP) side, because anyone can build their own POST data containing bad content and send it to the server.
Impacted products
Vendor Product Version
mahara mahara * (>= 16.10, < 16.10.9)
mahara mahara * (>= 17.04, < 17.04.7)
mahara mahara * (>= 17.10, < 17.10.4)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B16B96BD-D5EF-4D8D-AD78-CE16A6AB0B4E",
              "versionEndExcluding": "16.10.9",
              "versionStartIncluding": "16.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25805CCF-F2E5-49B4-992B-65717A3ED539",
              "versionEndExcluding": "17.04.7",
              "versionStartIncluding": "17.04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA183B6-D1A9-40A2-A500-D5912E0DE5B9",
              "versionEndExcluding": "17.10.4",
              "versionStartIncluding": "17.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE\u0027s code stripping alone but also clean input on the server / PHP side as one can create own packets of POST data containing bad content with which to hit the server."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 16.10 anteriores a la 16.10.9, versiones 17.04 anteriores a la 17.04.7 y versiones 17.10 anteriores a la 17.10.4 es vulnerable a malas entradas cuando TinyMCE es omitido por los paquetes POST. Por lo tanto, Mahara no deber\u00eda depender solamente de la eliminaci\u00f3n de c\u00f3digo de TinyMCE, sino tambi\u00e9n de las entradas limpias del lado del servidor/PHP, ya que se pueden crear paquetes propios de datos POST que contienen malos contenidos con los que alcanzar el servidor."
    }
  ],
  "id": "CVE-2018-6182",
  "lastModified": "2024-11-21T04:10:14.267",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-09T20:29:00.323",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1744789"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1744789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8215"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-02-09 05:15
Modified
2024-11-21 06:50
Summary
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)
Impacted products
Vendor Product Version
mahara mahara * (>= 20.10.0, < 20.10.4)
mahara mahara * (>= 21.04.0, < 21.04.3)
mahara mahara 21.10.0 -
mahara mahara 21.10.0 rc1
mahara mahara 21.10.0 rc2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C119B6-0D83-4E30-87E4-166B0BD7D578",
              "versionEndExcluding": "20.10.4",
              "versionStartIncluding": "20.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B80E157F-FBE3-46EB-80F5-CBE01BD54434",
              "versionEndExcluding": "21.04.3",
              "versionStartIncluding": "21.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:21.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "F3DE3D2C-ABD8-4C89-8CBE-78E57A5F08FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:21.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D72713FC-A263-498A-A57F-7E5D21EA7A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:21.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5322D614-E2C7-4365-8E95-FFAC8BEBD3EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)"
    },
    {
      "lang": "es",
      "value": "En Mahara versiones 20.10 anteriores a 20.10.4, versiones 21.04 anteriores a 21.04.3 y versiones 21.10 anteriores a 21.10.1, los nombres de las carpetas en el \u00e1rea de Archivos pueden ser visualizados por una persona que no sea propietaria de las carpetas. (S\u00f3lo est\u00e1n afectados los nombres de las carpetas. No est\u00e1n afectados ni los nombres de los archivos ni su contenido)"
    }
  ],
  "id": "CVE-2022-24694",
  "lastModified": "2024-11-21T06:50:53.737",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-09T05:15:09.490",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1952808"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1952808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8994"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-05-13 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses.
Impacted products
Vendor Product Version
mahara mahara * (<= 1.3.5)
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.0.14
mahara mahara 1.0.15
mahara mahara 1.1
mahara mahara 1.1.0
mahara mahara 1.1.0 alpha1
mahara mahara 1.1.0 alpha2
mahara mahara 1.1.0 alpha3
mahara mahara 1.1.0 beta1
mahara mahara 1.1.0 beta2
mahara mahara 1.1.0 beta3
mahara mahara 1.1.0 beta4
mahara mahara 1.1.0 rc1
mahara mahara 1.1.0 rc2
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.1.9
mahara mahara 1.2.0
mahara mahara 1.2.0 alpha1
mahara mahara 1.2.0 alpha2
mahara mahara 1.2.0 alpha3
mahara mahara 1.2.0 beta1
mahara mahara 1.2.0 beta2
mahara mahara 1.2.0 beta3
mahara mahara 1.2.0 beta4
mahara mahara 1.2.0 rc1
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4
mahara mahara 1.2.5
mahara mahara 1.2.6
mahara mahara 1.3.0
mahara mahara 1.3.0 beta1
mahara mahara 1.3.0 beta2
mahara mahara 1.3.0 beta3
mahara mahara 1.3.0 beta4
mahara mahara 1.3.0 rc1
mahara mahara 1.3.1
mahara mahara 1.3.2
mahara mahara 1.3.3
mahara mahara 1.3.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85C01C26-7C43-4778-BFA1-05745155A2BC",
              "versionEndIncluding": "1.3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6E53AF-528E-4FCA-9A14-762015D39D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04D0414-78B8-4110-A05D-E3D42C46607C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "199ABBC1-BBAC-41BA-B70F-7B95C99D9B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DDF54D-8919-45F2-8B23-B5B1AD2FEE85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A0B2A1-A3AB-4EFC-BE3D-57D38B315107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "016E86B6-B450-499B-852C-A68803127936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41ED313-9CB3-4BBB-9FAF-737FFE7CBD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262773C-58A6-4706-B5A2-5C60EC798A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9525B6E-A870-499E-9E73-FEBB3880ADC1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses."
    },
    {
      "lang": "es",
      "value": "Mahara antes de v1.3.6 no restringe correctamente los datos en las respuestas a las llamadas AJAX, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de una solicitud asociada con (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, o (4) json/friendsearch.php, como lo demuestra la informaci\u00f3n sobre amigos y direcciones de correo electr\u00f3nico."
    }
  ],
  "id": "CVE-2011-1404",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-05-13T22:55:01.783",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44433"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2246"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/47798"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67395"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/772140"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/772160"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/772174"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/772179"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.3.6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/772140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/772160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/772174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/772179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.3.6"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-19 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block.
Impacted products
Vendor Product Version
mahara mahara * (up to and including 1.5.11)
mahara mahara 1.5 (rc1)
mahara mahara 1.5 (rc2)
mahara mahara 1.5.0
mahara mahara 1.5.1
mahara mahara 1.5.2
mahara mahara 1.5.3
mahara mahara 1.5.4
mahara mahara 1.5.6
mahara mahara 1.5.7
mahara mahara 1.5.8
mahara mahara 1.5.9
mahara mahara 1.5.10
mahara mahara 1.7.
mahara mahara 1.7.0
mahara mahara 1.7.1
mahara mahara 1.7.2
mahara mahara 1.6.0
mahara mahara 1.6.1
mahara mahara 1.6.2
mahara mahara 1.6.3
mahara mahara 1.6.4
mahara mahara 1.6.5
mahara mahara 1.6.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC43859-166D-403F-BC6C-4B7FDD02807C",
              "versionEndIncluding": "1.5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7BDA1A-B58F-4B0C-ABE2-84090230E1C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AF4A4C-0DB7-442D-ABEE-04B8282D04BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C4D82B-1BAE-48BD-8CBC-BCB74FD39A82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61F960D-CCBF-46B6-A443-BF80C2D355C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3CBBAE0-99A7-4EA3-A3E9-11CBFE1771DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD24E374-E205-4500-A168-44849BF2357C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "14A5DCF0-AD5C-4474-9268-1B235835CD4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCF015B5-EA5A-4B6E-9F9D-B78DEC5F7657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7EA146-CFF3-40A1-A543-2897C94F3D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA8FD5B-DD85-4934-ACF7-259CCF72DE47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "248745EB-DC27-407F-8CB9-421578A07741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C56CD7F4-B89A-413A-9330-1218FDDEE03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB74EBE4-99F2-40D9-88DC-50E118397D64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F621A6A7-D400-4A48-B2B8-8A815F670277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D19D9FBF-8FE1-4DC9-801E-D8982D8EF3AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "481EBE78-72A3-43A3-96C5-5F5571BEB71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "455BA995-8464-4816-A03C-E9AA7DA07548",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block."
    },
    {
      "lang": "es",
      "value": "Mahara anterior a 1.5.12, 1.6.x anterior a 1.6.7 y 1.7.x anterior a 1.7.3 no restringe debidamente acceso a artefactos, lo que permite a usuarios remotos autenticados leer artefactos arbitrarios a trav\u00e9s del (1) id del artefacto en una acci\u00f3n de subida cuando crea un diario o (2) par\u00e1metro instconf_artefactid_selected[ID] en una acci\u00f3n de subida cuando edita un bloque."
    }
  ],
  "id": "CVE-2013-4429",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-19T14:55:08.360",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/mahara/+bug/1211758"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://mahara.org/interaction/forum/topic.php?id=5753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/mahara/+bug/1211758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://mahara.org/interaction/forum/topic.php?id=5753"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-11-15 03:57
Modified
2025-04-11 00:51
Severity ?
Summary
The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter.
Impacted products
Vendor Product Version
mahara mahara 1.3.0
mahara mahara 1.3.0 (beta1)
mahara mahara 1.3.0 (beta2)
mahara mahara 1.3.0 (beta3)
mahara mahara 1.3.0 (beta4)
mahara mahara 1.3.0 (rc1)
mahara mahara 1.3.1
mahara mahara 1.3.2
mahara mahara 1.3.3
mahara mahara 1.3.4
mahara mahara 1.3.5
mahara mahara 1.3.6
mahara mahara 1.3.7
mahara mahara 1.4 (rc1)
mahara mahara 1.4 (rc2)
mahara mahara 1.4 (rc3)
mahara mahara 1.4 (rc4)
mahara mahara 1.4.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41ED313-9CB3-4BBB-9FAF-737FFE7CBD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262773C-58A6-4706-B5A2-5C60EC798A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9525B6E-A870-499E-9E73-FEBB3880ADC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF82733-11FD-41CB-9D5C-A81D891AD57D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BC3515E-0923-40D8-A026-833DCAE47648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17F7E30-71E4-41FC-883C-9E5DBF659A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E564972A-F44F-4935-BE50-8CB8A3F6483A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The \"Reply to message\" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter."
    },
    {
      "lang": "es",
      "value": "La caracter\u00edstica \"Reply to message\" en Mahara v1.3.x y v1.4.x, antes de v1.4.1, permite a usuarios autenticados remotamente leer mensajes de un usuario diferente a trav\u00e9s de un par\u00e1metro replyto modificado"
    }
  ],
  "id": "CVE-2011-2774",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-11-15T03:57:56.583",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46719"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/bugs/798128"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.4.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/bugs/798128"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.4.1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-11-02 22:15
Modified
2024-11-21 06:28
Summary
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. The help-file lookup replaces the - character with the / character.
Impacted products
Vendor Product Version
mahara mahara * (from 20.04.0, before 20.04.5)
mahara mahara * (from 20.10.0, before 20.10.3)
mahara mahara * (from 21.04.0, before 21.04.2)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1DDE4C7-FE22-41A8-AB98-F410A470268E",
              "versionEndExcluding": "20.04.5",
              "versionStartIncluding": "20.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54ED5D80-651C-4B0E-81AC-DB23BF6DFCF9",
              "versionEndExcluding": "20.10.3",
              "versionStartIncluding": "20.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEE88DE-CD36-4F04-AB37-D155FABD12B8",
              "versionEndExcluding": "21.04.2",
              "versionStartIncluding": "21.04.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character."
    },
    {
      "lang": "es",
      "value": "En Mahara versiones anteriores a 20.04.5, 20.10.3, 21.04.2 y 21.10.0, el ajuste del componente de la ruta para el archivo de ayuda de la p\u00e1gina permite a atacantes omitir el control de acceso previsto para los archivos HTML por medio de un salto de directorio. Sustituye el car\u00e1cter - por el car\u00e1cter /"
    }
  ],
  "id": "CVE-2021-43264",
  "lastModified": "2024-11-21T06:28:56.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-11-02T22:15:09.027",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1944979"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1944979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8954"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-08-25 14:15
Modified
2025-09-05 17:05
Summary
Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported.
Impacted products
Vendor Product Version
mahara mahara * (before 22.10.4)
mahara mahara * (from 23.04.0, before 23.04.4)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F19292E-305C-4E12-908F-32C85D0C0798",
              "versionEndExcluding": "22.10.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46968006-FCDF-4E06-87D5-9A1C749ED35D",
              "versionEndExcluding": "23.04.4",
              "versionStartIncluding": "23.04.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported."
    },
    {
      "lang": "es",
      "value": "Mahara, versiones anteriores a la 22.10.4 y 23.x, versiones anteriores a la 23.04.4, permite la divulgaci\u00f3n de informaci\u00f3n si se utiliza la exportaci\u00f3n masiva de HTML experimental a trav\u00e9s de la interfaz de administraci\u00f3n o la CLI, y los archivos de exportaci\u00f3n resultantes se entregan a los titulares de las cuentas. Estos pueden contener im\u00e1genes de otros titulares de cuentas, ya que la cach\u00e9 no se borra despu\u00e9s de exportar los archivos de una cuenta."
    }
  ],
  "id": "CVE-2023-47799",
  "lastModified": "2025-09-05T17:05:01.243",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-25T14:15:28.907",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://git.mahara.org/catalyst-security/mahara-security/-/issues/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9353"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-02-20 22:29
Modified
2024-11-21 03:17
Summary
Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters. Mahara will also avoid direct $_GET and $_POST usage where possible, and instead use param_exists() and the correct param_*() function to fetch the expected value.
Impacted products
Vendor Product Version
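mahara mahara * (from 16.10.0 including, up to 16.10.7 excluding)
mahara mahara * (from 17.04.0 including, up to 17.04.5 excluding)
mahara mahara * (from 17.10.0 including, up to 17.10.2 excluding)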



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC68C57-F2E1-4E20-9E38-99D3218BAC96",
              "versionEndExcluding": "16.10.7",
              "versionStartIncluding": "16.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00BD0F18-7087-4D31-B8E0-159F79C4B13E",
              "versionEndExcluding": "17.04.5",
              "versionStartIncluding": "17.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "892E2FAA-F01B-432E-9473-774949895AD7",
              "versionEndExcluding": "17.10.2",
              "versionStartIncluding": "17.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters. Mahara will also avoid direct $_GET and $_POST usage where possible, and instead use param_exists() and the correct param_*() function to fetch the expected value."
    },
    {
      "lang": "es",
      "value": "Mahara 16.10 en versiones anteriores a la 16.10.7, versiones 17.04 anteriores a la 17.04.5 y versiones 17.10 anteriores a la 17.10.2 tiene una vulnerabilidad de Cross Site Scripting (XSS) cuando un usuario introduce caracteres UTF-8 no v\u00e1lidos. Estos ser\u00e1n descartados en Mahara junto con caracteres NULL y caracteres Unicode inv\u00e1lidos. Mahara tambi\u00e9n evitar\u00e1 el uso directo de $_GET y $_POST cuando sea posible; a su vez emplear\u00e1 param_exists() y la funci\u00f3n correcta param_*() para recuperar el valor esperado."
    }
  ],
  "id": "CVE-2017-17454",
  "lastModified": "2024-11-21T03:17:57.730",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-20T22:29:00.223",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1732987"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8149"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://reviews.mahara.org/#/c/8191/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1732987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://reviews.mahara.org/#/c/8191/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-19 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php.
Impacted products
Vendor Product Version
mahara mahara * (up to 1.5.12 including)
mahara mahara 1.5 (rc1)
mahara mahara 1.5 (rc2)
mahara mahara 1.5.0
mahara mahara 1.5.1
mahara mahara 1.5.2
mahara mahara 1.5.3
mahara mahara 1.5.4
mahara mahara 1.5.6
mahara mahara 1.5.7
mahara mahara 1.5.8
mahara mahara 1.5.9
mahara mahara 1.5.10
mahara mahara 1.5.11
mahara mahara 1.6.0
mahara mahara 1.6.1
mahara mahara 1.6.2
mahara mahara 1.6.3
mahara mahara 1.6.4
mahara mahara 1.6.5
mahara mahara 1.6.6
mahara mahara 1.6.7
mahara mahara 1.7. (rc1)
mahara mahara 1.7.0
mahara mahara 1.7.1
mahara mahara 1.7.2
mahara mahara 1.7.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB56F5A2-EA29-4B55-95F9-15946529F7A0",
              "versionEndIncluding": "1.5.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7BDA1A-B58F-4B0C-ABE2-84090230E1C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AF4A4C-0DB7-442D-ABEE-04B8282D04BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C4D82B-1BAE-48BD-8CBC-BCB74FD39A82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61F960D-CCBF-46B6-A443-BF80C2D355C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3CBBAE0-99A7-4EA3-A3E9-11CBFE1771DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD24E374-E205-4500-A168-44849BF2357C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0BDC63-9A2F-4FC5-B768-9D87889CBD96",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "248745EB-DC27-407F-8CB9-421578A07741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C56CD7F4-B89A-413A-9330-1218FDDEE03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB74EBE4-99F2-40D9-88DC-50E118397D64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F621A6A7-D400-4A48-B2B8-8A815F670277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D19D9FBF-8FE1-4DC9-801E-D8982D8EF3AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "481EBE78-72A3-43A3-96C5-5F5571BEB71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "455BA995-8464-4816-A03C-E9AA7DA07548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D95716D4-2DAE-4BB9-9DE4-2906EFC94492",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "14A5DCF0-AD5C-4474-9268-1B235835CD4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCF015B5-EA5A-4B6E-9F9D-B78DEC5F7657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7EA146-CFF3-40A1-A543-2897C94F3D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA8FD5B-DD85-4934-ACF7-259CCF72DE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A37CC03-8050-498E-81CA-7F37EAB5B4DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php."
    },
    {
      "lang": "es",
      "value": "Mahara anterior a 1.5.13, 1.6.x anterior a 1.6.8 y 1.7.x anterior a 1.7.4 no restringe debidamente acceso a carpetas, lo que permite a usuarios remotos autenticados leer carpetas arbitrarias (1) mediante el aprovechamiento de una etiqueta de carpeta activa cargada antes de que los permisos fueron eliminados o (2) a trav\u00e9s del par\u00e1metro folder hacia artefact/file/groupfiles.php."
    }
  ],
  "id": "CVE-2013-4432",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-19T14:55:08.563",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/mahara/+bug/1034180"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://mahara.org/interaction/forum/topic.php?id=5864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/mahara/+bug/1034180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://mahara.org/interaction/forum/topic.php?id=5864"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-11-02 22:15
Modified
2024-11-21 06:28
Summary
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element.
Impacted products
Vendor Product Version
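mahara mahara * (from 20.04.0 including, up to 20.04.5 excluding)
mahara mahara * (from 20.10.0 including, up to 20.10.3 excluding)
mahara mahara * (from 21.04.0 including, up to 21.04.2 excluding)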



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1DDE4C7-FE22-41A8-AB98-F410A470268E",
              "versionEndExcluding": "20.04.5",
              "versionStartIncluding": "20.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54ED5D80-651C-4B0E-81AC-DB23BF6DFCF9",
              "versionEndExcluding": "20.10.3",
              "versionStartIncluding": "20.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEE88DE-CD36-4F04-AB37-D155FABD12B8",
              "versionEndExcluding": "21.04.2",
              "versionStartIncluding": "21.04.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element."
    },
    {
      "lang": "es",
      "value": "En Mahara versiones anteriores a 20.04.5, 20.10.3, 21.04.2 y 21.10.0, determinada sintaxis de etiquetas pod\u00eda ser usada para un ataque de tipo XSS, como por medio de un elemento SCRIPT"
    }
  ],
  "id": "CVE-2021-43265",
  "lastModified": "2024-11-21T06:28:57.037",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-11-02T22:15:09.067",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1944633"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1944633"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8953"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-05-13 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting.
References
cve@mitre.org | http://secunia.com/advisories/44433 | Vendor Advisory
cve@mitre.org | http://www.debian.org/security/2011/dsa-2246
cve@mitre.org | http://www.securityfocus.com/bid/47798
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/67396
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/67397
cve@mitre.org | https://launchpad.net/mahara/+bug/746182 | Patch
cve@mitre.org | https://launchpad.net/mahara/+bug/771592 | Patch
cve@mitre.org | https://launchpad.net/mahara/+bug/771614 | Patch
cve@mitre.org | https://launchpad.net/mahara/+bug/771623 | Patch
cve@mitre.org | https://launchpad.net/mahara/+bug/771637 | Patch
cve@mitre.org | https://launchpad.net/mahara/+bug/771644 | Patch
cve@mitre.org | https://launchpad.net/mahara/+bug/771653 | Patch
cve@mitre.org | https://launchpad.net/mahara/+bug/772140 | Patch
cve@mitre.org | https://launchpad.net/mahara/+milestone/1.3.6 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44433 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2246
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47798
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/67396
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/67397
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/mahara/+bug/746182 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/mahara/+bug/771592 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/mahara/+bug/771614 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/mahara/+bug/771623 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/mahara/+bug/771637 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/mahara/+bug/771644 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/mahara/+bug/771653 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/mahara/+bug/772140 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/mahara/+milestone/1.3.6 | Patch
Impacted products
Vendor Product Version
mahara mahara * (up to 1.3.5 including)
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.0.14
mahara mahara 1.0.15
mahara mahara 1.1
mahara mahara 1.1.0
mahara mahara 1.1.0 (alpha1)
mahara mahara 1.1.0 (alpha2)
mahara mahara 1.1.0 (alpha3)
mahara mahara 1.1.0 (beta1)
mahara mahara 1.1.0 (beta2)
mahara mahara 1.1.0 (beta3)
mahara mahara 1.1.0 (beta4)
mahara mahara 1.1.0 (rc1)
mahara mahara 1.1.0 (rc2)
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.1.9
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4
mahara mahara 1.2.5
mahara mahara 1.2.6
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.1
mahara mahara 1.3.2
mahara mahara 1.3.3
mahara mahara 1.3.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85C01C26-7C43-4778-BFA1-05745155A2BC",
              "versionEndIncluding": "1.3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6E53AF-528E-4FCA-9A14-762015D39D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04D0414-78B8-4110-A05D-E3D42C46607C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "199ABBC1-BBAC-41BA-B70F-7B95C99D9B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DDF54D-8919-45F2-8B23-B5B1AD2FEE85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A0B2A1-A3AB-4EFC-BE3D-57D38B315107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "016E86B6-B450-499B-852C-A68803127936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41ED313-9CB3-4BBB-9FAF-737FFE7CBD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262773C-58A6-4706-B5A2-5C60EC798A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9525B6E-A870-499E-9E73-FEBB3880ADC1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting."
    },
    {
      "lang": "es",
      "value": "Mahara antes de v1.3.6 permite a usuarios remotos autenticados eludir las restricciones de acceso previstas, y suspender una cuenta de usuario, editar un punto de vista, visitar una vista, editar un plan de artefactos, leer un bloque de planes, leer un plan de artefactos, editar un blog, leer un bloque de blog, leer un artefacto blog, o acceder a un bloque, a trav\u00e9s de una solicitud asociada con (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, o (8) blocktype/myfriends/myfriends.json.php, relacionados con la aplicaci\u00f3n incorrecta de privilegios, comprobaci\u00f3n de un usuario no existente y aplicaci\u00f3n de la sobrescritura de las fechas de inicio/parada."
    }
  ],
  "id": "CVE-2011-1402",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-05-13T22:55:01.707",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44433"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2246"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/47798"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67396"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67397"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/746182"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/771592"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/771614"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/771623"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/771637"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/771644"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/771653"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/772140"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.3.6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/746182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/771592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/771614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/771623"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/771637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/771644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/771653"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/772140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.3.6"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-19 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php.
Impacted products
Vendor Product Version
mahara mahara 1.7.
mahara mahara 1.7.0
mahara mahara 1.7.1
mahara mahara 1.7.2
mahara mahara 1.6.0
mahara mahara 1.6.1
mahara mahara 1.6.2
mahara mahara 1.6.3
mahara mahara 1.6.4
mahara mahara 1.6.5
mahara mahara 1.6.6
mahara mahara *
mahara mahara 1.5
mahara mahara 1.5
mahara mahara 1.5.0
mahara mahara 1.5.1
mahara mahara 1.5.2
mahara mahara 1.5.3
mahara mahara 1.5.4
mahara mahara 1.5.6
mahara mahara 1.5.7
mahara mahara 1.5.8
mahara mahara 1.5.9
mahara mahara 1.5.10



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "14A5DCF0-AD5C-4474-9268-1B235835CD4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCF015B5-EA5A-4B6E-9F9D-B78DEC5F7657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7EA146-CFF3-40A1-A543-2897C94F3D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA8FD5B-DD85-4934-ACF7-259CCF72DE47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "248745EB-DC27-407F-8CB9-421578A07741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C56CD7F4-B89A-413A-9330-1218FDDEE03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB74EBE4-99F2-40D9-88DC-50E118397D64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F621A6A7-D400-4A48-B2B8-8A815F670277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D19D9FBF-8FE1-4DC9-801E-D8982D8EF3AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "481EBE78-72A3-43A3-96C5-5F5571BEB71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "455BA995-8464-4816-A03C-E9AA7DA07548",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC43859-166D-403F-BC6C-4B7FDD02807C",
              "versionEndIncluding": "1.5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7BDA1A-B58F-4B0C-ABE2-84090230E1C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AF4A4C-0DB7-442D-ABEE-04B8282D04BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C4D82B-1BAE-48BD-8CBC-BCB74FD39A82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61F960D-CCBF-46B6-A443-BF80C2D355C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3CBBAE0-99A7-4EA3-A3E9-11CBFE1771DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD24E374-E205-4500-A168-44849BF2357C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Mahara anterior a 1.5.12, 1.6.x anterior a 1.6.7 y 1.7.x anterior a 1.7.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de la cabecera Host hacia lib/web.php."
    }
  ],
  "id": "CVE-2013-4430",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-05-19T14:55:08.423",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/mahara/+bug/1175446"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://mahara.org/interaction/forum/topic.php?id=5754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/mahara/+bug/1175446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://mahara.org/interaction/forum/topic.php?id=5754"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-07-06 17:17
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
htmlpurifier htmlpurifier *
htmlpurifier htmlpurifier *
htmlpurifier htmlpurifier *
htmlpurifier htmlpurifier 1.0.0
htmlpurifier htmlpurifier 1.0.0
htmlpurifier htmlpurifier 1.0.1
htmlpurifier htmlpurifier 1.1.0
htmlpurifier htmlpurifier 1.1.1
htmlpurifier htmlpurifier 1.1.2
htmlpurifier htmlpurifier 1.2.0
htmlpurifier htmlpurifier 1.3.0
htmlpurifier htmlpurifier 1.3.1
htmlpurifier htmlpurifier 1.3.2
htmlpurifier htmlpurifier 1.4.0
htmlpurifier htmlpurifier 1.4.0
htmlpurifier htmlpurifier 1.4.1
htmlpurifier htmlpurifier 1.4.1
htmlpurifier htmlpurifier 1.5.0
htmlpurifier htmlpurifier 1.5.0
htmlpurifier htmlpurifier 1.6.0
htmlpurifier htmlpurifier 1.6.0
htmlpurifier htmlpurifier 1.6.1
htmlpurifier htmlpurifier 1.6.1
htmlpurifier htmlpurifier 2.0.0
htmlpurifier htmlpurifier 2.0.0
htmlpurifier htmlpurifier 2.0.1
htmlpurifier htmlpurifier 2.0.1
htmlpurifier htmlpurifier 2.1.0
htmlpurifier htmlpurifier 2.1.0
htmlpurifier htmlpurifier 2.1.0
htmlpurifier htmlpurifier 2.1.0
htmlpurifier htmlpurifier 2.1.0
htmlpurifier htmlpurifier 2.1.0
htmlpurifier htmlpurifier 2.1.1
htmlpurifier htmlpurifier 2.1.1
htmlpurifier htmlpurifier 2.1.1
htmlpurifier htmlpurifier 2.1.1
htmlpurifier htmlpurifier 2.1.1
htmlpurifier htmlpurifier 2.1.1
htmlpurifier htmlpurifier 2.1.2
htmlpurifier htmlpurifier 2.1.2
htmlpurifier htmlpurifier 2.1.2
htmlpurifier htmlpurifier 2.1.2
htmlpurifier htmlpurifier 2.1.2
htmlpurifier htmlpurifier 2.1.2
htmlpurifier htmlpurifier 2.1.3
htmlpurifier htmlpurifier 2.1.3
htmlpurifier htmlpurifier 2.1.3
htmlpurifier htmlpurifier 2.1.3
htmlpurifier htmlpurifier 2.1.3
htmlpurifier htmlpurifier 2.1.3
htmlpurifier htmlpurifier 2.1.4
htmlpurifier htmlpurifier 2.1.4
htmlpurifier htmlpurifier 2.1.4
htmlpurifier htmlpurifier 2.1.5
htmlpurifier htmlpurifier 2.1.5
htmlpurifier htmlpurifier 2.1.5
htmlpurifier htmlpurifier 3.0.0
htmlpurifier htmlpurifier 3.0.0
htmlpurifier htmlpurifier 3.0.0
htmlpurifier htmlpurifier 3.1.0
htmlpurifier htmlpurifier 3.1.0
htmlpurifier htmlpurifier 3.1.0
htmlpurifier htmlpurifier 3.1.0
htmlpurifier htmlpurifier 3.1.0
htmlpurifier htmlpurifier 3.1.0
htmlpurifier htmlpurifier 3.1.1
htmlpurifier htmlpurifier 3.1.1
htmlpurifier htmlpurifier 3.1.1
htmlpurifier htmlpurifier 3.2.0
htmlpurifier htmlpurifier 3.2.0
htmlpurifier htmlpurifier 3.2.0
htmlpurifier htmlpurifier 3.3.0
htmlpurifier htmlpurifier 3.3.0
htmlpurifier htmlpurifier 3.3.0
htmlpurifier htmlpurifier 4.0.0
htmlpurifier htmlpurifier 4.0.0
htmlpurifier htmlpurifier 4.0.0
mahara mahara *
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D201412A-161C-4383-81BF-D2885299A037",
              "versionEndIncluding": "4.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:*:*:lite:*:*:*:*:*",
              "matchCriteriaId": "1B8C27B0-F75E-4791-BE5A-2B0632122D7E",
              "versionEndIncluding": "4.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:*:*:standalone:*:*:*:*:*",
              "matchCriteriaId": "7C82068C-6C5F-4EBF-8AB4-F44E502A2787",
              "versionEndIncluding": "4.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24143435-62A6-470F-AC49-92175167F5B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "3E0FFD69-953B-4256-B865-3D9B15681597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D62CE1F3-3667-46F4-B62F-456148267E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B70AF0F-5B3B-4D41-B4A7-9A04C790D703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E3DDFA-98AE-4908-AA90-1524A0850752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "05E7680A-9942-47D3-B8EA-C0830F30DE7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14E3B6C-A386-469E-92BC-1830D1E572D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F167F4A-E18B-4E2D-8B0F-F6022759E069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDBAD18A-26DB-49B9-AA19-CFA0BB4233F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A7F78E-4146-4EA0-A968-C2FED9F71300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EEA88C-A2E2-4035-8A7C-921D3B8350F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.0:*:strict:*:*:*:*:*",
              "matchCriteriaId": "63E05515-EF1A-43AA-8125-3BC2EF46D6D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DE68DBD-C1E6-49E9-8E66-A9F49950E8F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.1:*:strict:*:*:*:*:*",
              "matchCriteriaId": "44887D47-30A3-4CAB-BA18-91CCB4C32333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67F9D661-CA8E-437B-BDD6-9B7749281BC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.5.0:*:strict:*:*:*:*:*",
              "matchCriteriaId": "C05D43AF-2B7B-463B-A272-79F133C2F6EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EE65FF-653C-49E6-82AE-F5E72BA5C6CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.0:*:strict:*:*:*:*:*",
              "matchCriteriaId": "6F3C02BD-1BE2-4950-B712-5FFB8ECC2A2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E6CE6A7-9B74-4AD0-A7F9-62AF0B4C82AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.1:*:strict:*:*:*:*:*",
              "matchCriteriaId": "E3EFA8D3-646C-4F44-AD9F-410B202064B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "797CE25C-505D-4596-9021-B1EA43E6A767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.0:*:strict:*:*:*:*:*",
              "matchCriteriaId": "0447936E-6DB9-4C77-8D66-02068690F074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B54BDBD5-DD16-4E42-8FB7-BEC679AFCB6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.1:*:strict:*:*:*:*:*",
              "matchCriteriaId": "484F93BB-E787-4277-B166-147BA89E2627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D5ECE-A527-4912-97B0-5AC318E27992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:lite:*:*:*:*:*",
              "matchCriteriaId": "711DC856-A791-4C5B-AEEF-C7E25E068E93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:standalone:*:*:*:*:*",
              "matchCriteriaId": "B7E3F4CE-403E-429A-B6B9-820B75343AE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:strict:*:*:*:*:*",
              "matchCriteriaId": "1C8D2CE8-4773-46E6-A1D5-2B23E49E4DED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:strict-lite:*:*:*:*:*",
              "matchCriteriaId": "D950D749-B476-48D0-A789-55ADD9C73B8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:strict-standalone:*:*:*:*:*",
              "matchCriteriaId": "57D3F6C3-6616-4FC0-AD0A-A98FB8F78E18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "24177810-45DC-499E-B0F7-C3B9A40950B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:lite:*:*:*:*:*",
              "matchCriteriaId": "F37323C6-86F8-4BE5-A00B-21366A7190BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:standalone:*:*:*:*:*",
              "matchCriteriaId": "C9CA7EA8-670A-43FB-8466-C663AEEDEFBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:strict:*:*:*:*:*",
              "matchCriteriaId": "F809E8DA-49EE-4509-BBE7-4B6D39965948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:strict-lite:*:*:*:*:*",
              "matchCriteriaId": "FAD9CEF2-F674-4B17-89E9-B7F7745704B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:strict-standalone:*:*:*:*:*",
              "matchCriteriaId": "9EA1FFA7-DED0-4B05-81BE-E2AAA1DE6F6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C79A55-90D3-4DAE-B1A2-D53116864F84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:lite:*:*:*:*:*",
              "matchCriteriaId": "1A9269ED-1A01-4677-B42D-95BBA6319EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:standalone:*:*:*:*:*",
              "matchCriteriaId": "9C3C9655-79F1-4D66-8830-1E630C436D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:strict:*:*:*:*:*",
              "matchCriteriaId": "FF260945-7E1E-400E-9CDE-D75498667483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:strict-lite:*:*:*:*:*",
              "matchCriteriaId": "E742FC87-C5EA-4D69-9AFA-5A5AE207FE0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:strict-standalone:*:*:*:*:*",
              "matchCriteriaId": "4DD9AD81-CDA5-4377-A9ED-67D04FECBE91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF1314CE-89D9-40FC-9A33-31EB3B981A27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:lite:*:*:*:*:*",
              "matchCriteriaId": "CAF341D6-E0D2-43F1-854E-6DCCE1BC2A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:standalone:*:*:*:*:*",
              "matchCriteriaId": "D1395209-C0A8-484E-891F-9BBFAAF5C680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:strict:*:*:*:*:*",
              "matchCriteriaId": "09CDD264-F587-43C6-B8DD-BF6F05A1D785",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:strict-lite:*:*:*:*:*",
              "matchCriteriaId": "C578396F-EFE9-49B2-8375-9DDE507D56EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:strict-standalone:*:*:*:*:*",
              "matchCriteriaId": "115A93E1-7E60-4499-8E5D-0005FE01F1D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE055D0C-E7C9-4A4D-A156-86C1B5352A4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4:*:lite:*:*:*:*:*",
              "matchCriteriaId": "8075E2EB-A40F-4627-92AC-1485235691A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4:*:standalone:*:*:*:*:*",
              "matchCriteriaId": "184370F0-FB8B-470C-AD96-75CCB68D37EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F54191-160A-456E-B049-093276C06F61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5:*:lite:*:*:*:*:*",
              "matchCriteriaId": "962A7056-71F8-4BA7-8664-B29A8E9CF83A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5:*:standalone:*:*:*:*:*",
              "matchCriteriaId": "929A6993-24FB-4665-8CC9-5F101A557BB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA3F7F1B-5F25-4092-8128-795544F386FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0:*:lite:*:*:*:*:*",
              "matchCriteriaId": "F65FCFE7-4EA0-405F-AAE1-CDB9E58318F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0:*:standalone:*:*:*:*:*",
              "matchCriteriaId": "E6B5FBD8-2D09-4ABA-BC34-C9D9993E858E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5624C862-D4B8-4A14-AD9F-A2E80BBBEB49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:*:lite:*:*:*:*:*",
              "matchCriteriaId": "EFDE4099-9E43-4A2C-865C-C397CBE92609",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:*:standalone:*:*:*:*:*",
              "matchCriteriaId": "C58ED5AB-F5FF-42A6-98D8-37D37D4054F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "49F1B3F5-C22C-46DD-B447-82F6E00B232A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1:lite:*:*:*:*:*",
              "matchCriteriaId": "3EFE0D2B-D725-4588-935E-26E424CC8C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1:standalone:*:*:*:*:*",
              "matchCriteriaId": "566EB415-EE50-4D32-81BB-58AC00FF6E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74387F7F-6E01-4F92-AE5B-A8D39DA7DE07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1:*:lite:*:*:*:*:*",
              "matchCriteriaId": "4CABDC55-2753-4481-9613-5F83D2974E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1:*:standalone:*:*:*:*:*",
              "matchCriteriaId": "BF967A1F-4B6E-4507-8DCF-DAC87EC8E276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB2924AA-FFE7-4CE3-B4D1-4CE2BB496555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0:*:lite:*:*:*:*:*",
              "matchCriteriaId": "D905650B-10DD-492D-AC66-12DF313661F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0:*:standalone:*:*:*:*:*",
              "matchCriteriaId": "EFF61BFC-1139-47B4-82FA-9080F6F52648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "049719CC-CDB8-466C-92F5-2918ABDD97BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0:*:lite:*:*:*:*:*",
              "matchCriteriaId": "9DCF286B-76D2-4E3E-B05B-DA17C3FA0D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0:*:standalone:*:*:*:*:*",
              "matchCriteriaId": "99579DB2-D08A-46A2-9CE8-9C0A06AF2BB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0705143F-5A7E-4B22-8BA6-C52EC940F337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:4.0.0:*:lite:*:*:*:*:*",
              "matchCriteriaId": "958E7E2C-58C0-42B5-96CB-93158EB3A185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:htmlpurifier:htmlpurifier:4.0.0:*:standalone:*:*:*:*:*",
              "matchCriteriaId": "FC1452C3-E3A9-490F-931D-4F173B6EFDEB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D849F41F-0841-43A9-8CDC-73CBFE844CFE",
              "versionEndIncluding": "1.0.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en HTML Purifier anterior v4.1.1, como el usado en Mahara y otros productos, cuando el navegador es Internet Explorer, permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados. \r\n"
    }
  ],
  "id": "CVE-2010-2479",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-07-06T17:17:14.717",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://htmlpurifier.org/news/2010/0531-4.1.1-released"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39613"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40431"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/41259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://htmlpurifier.org/news/2010/0531-4.1.1-released"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/41259"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-11-03 11:15
Modified
2024-11-21 06:24
Summary
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection.
Impacted products
Vendor Product Version
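mahara mahara * (before 20.04.5)
mahara mahara * (20.10.0 up to, but not including, 20.10.3)
mahara mahara * (21.04.0 up to, but not including, 21.04.2)
mahara mahara 21.10.0 (rc1)
mahara mahara 21.10.0 (rc2)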



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5F1CC6-E05D-4D9F-9543-7777025E4BAB",
              "versionEndExcluding": "20.04.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54ED5D80-651C-4B0E-81AC-DB23BF6DFCF9",
              "versionEndExcluding": "20.10.3",
              "versionStartIncluding": "20.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEE88DE-CD36-4F04-AB37-D155FABD12B8",
              "versionEndExcluding": "21.04.2",
              "versionStartIncluding": "21.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:21.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D72713FC-A263-498A-A57F-7E5D21EA7A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:21.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5322D614-E2C7-4365-8E95-FFAC8BEBD3EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection."
    },
    {
      "lang": "es",
      "value": "En Mahara versiones anteriores a 20.04.5, 20.10.3, 21.04.2 y 21.10.0, los archivos CSV exportados pod\u00edan contener caracteres que un programa de hoja de c\u00e1lculo pod\u00eda interpretar como un comando, conllevando a una ejecuci\u00f3n de una cadena maliciosa localmente en un dispositivo, lo que se conoce como inyecci\u00f3n CSV"
    }
  ],
  "id": "CVE-2021-40848",
  "lastModified": "2024-11-21T06:24:55.213",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-11-03T11:15:08.267",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1930471"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1930471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8950"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1236"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-11-03 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "075F7F07-0600-4536-ACDC-B7E3CDA68842",
              "versionEndIncluding": "1.0.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Mahara anterior a v1.0.13, y v1.1.x anterior a v1.1.7, permite a administradores \"institution\" autenticados remotamente restablecer las contrase\u00f1as de los administradores del sitio web a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2009-3298",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-11-03T16:30:12.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://eduforge.org/frs/shownotes.php?release_id=546"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://eduforge.org/frs/shownotes.php?release_id=547"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=1169"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37217"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37218"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1924"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/59584"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/36893"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://eduforge.org/frs/shownotes.php?release_id=546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://eduforge.org/frs/shownotes.php?release_id=547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=1169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/59584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/36893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3101"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-19 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the block id in an edit request.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara 1.5
mahara mahara 1.5
mahara mahara 1.5.0
mahara mahara 1.5.1
mahara mahara 1.5.2
mahara mahara 1.5.3
mahara mahara 1.5.4
mahara mahara 1.5.6
mahara mahara 1.5.7
mahara mahara 1.5.8
mahara mahara 1.5.9
mahara mahara 1.5.10
mahara mahara 1.7.
mahara mahara 1.7.0
mahara mahara 1.7.1
mahara mahara 1.7.2
mahara mahara 1.6.0
mahara mahara 1.6.1
mahara mahara 1.6.2
mahara mahara 1.6.3
mahara mahara 1.6.4
mahara mahara 1.6.5
mahara mahara 1.6.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC43859-166D-403F-BC6C-4B7FDD02807C",
              "versionEndIncluding": "1.5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7BDA1A-B58F-4B0C-ABE2-84090230E1C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AF4A4C-0DB7-442D-ABEE-04B8282D04BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "65C4D82B-1BAE-48BD-8CBC-BCB74FD39A82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61F960D-CCBF-46B6-A443-BF80C2D355C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3CBBAE0-99A7-4EA3-A3E9-11CBFE1771DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD24E374-E205-4500-A168-44849BF2357C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "14A5DCF0-AD5C-4474-9268-1B235835CD4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "CCF015B5-EA5A-4B6E-9F9D-B78DEC5F7657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7EA146-CFF3-40A1-A543-2897C94F3D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFA8FD5B-DD85-4934-ACF7-259CCF72DE47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "248745EB-DC27-407F-8CB9-421578A07741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C56CD7F4-B89A-413A-9330-1218FDDEE03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB74EBE4-99F2-40D9-88DC-50E118397D64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F621A6A7-D400-4A48-B2B8-8A815F670277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D19D9FBF-8FE1-4DC9-801E-D8982D8EF3AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "481EBE78-72A3-43A3-96C5-5F5571BEB71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "455BA995-8464-4816-A03C-E9AA7DA07548",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the block id in an edit request."
    },
    {
      "lang": "es",
      "value": "Mahara anterior a 1.5.12, 1.6.x anterior a 1.6.7 y 1.7.x anterior a 1.7.3 no previene debidamente acceso a bloques, lo que permite a usuarios remotos autenticados modificar bloques arbitrarios a trav\u00e9s del block id en una solicitud de editar."
    }
  ],
  "id": "CVE-2013-4431",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-19T14:55:08.500",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/mahara/+bug/1233500"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://mahara.org/interaction/forum/topic.php?id=5753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/mahara/+bug/1233500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://mahara.org/interaction/forum/topic.php?id=5753"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-11-24 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243.
Impacted products
Vendor Product Version
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4.0
mahara mahara 1.4.1
mahara mahara 1.4.2
mahara mahara 1.4.3
mahara mahara 1.5
mahara mahara 1.5
mahara mahara 1.5.0
mahara mahara 1.5.1
mahara mahara 1.5.2
mahara mahara 1.5.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E564972A-F44F-4935-BE50-8CB8A3F6483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A782949D-9F8D-4852-AA20-5E866C895CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E05D9E1E-E2EE-43C4-993A-F140B83493AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF97D77B-B448-407C-A545-F939C1C75B4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav.  NOTE: this can be exploited without authentication by leveraging CVE-2012-2243."
    },
    {
      "lang": "es",
      "value": "Mahara v1.4.x anterior a v1.4.5 y v1.5.x anterior a v1.5.4 permite a los administradores remotos autenticados ejecutar programas arbitrarios mediante la modificaci\u00f3n de la ruta de acceso a clamav. NOTA: puede ser explotada sin autenticaci\u00f3n mediante el aprovechamiento de CVE-2012-2243."
    }
  ],
  "id": "CVE-2012-2244",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-24T20:55:02.213",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "security@debian.org",
      "url": "https://bugs.launchpad.net/mahara/+bug/1057238"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4936"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/mahara/+bug/1057238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4936"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-08-26 14:15
Modified
2025-09-05 17:04
Summary
In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "402D24E6-C713-4FCA-B087-25EE7D35A147",
              "versionEndExcluding": "23.04.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE3AA4BB-0073-44DC-8E37-D62399B750A9",
              "versionEndExcluding": "24.04.5",
              "versionStartIncluding": "24.04.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute."
    },
    {
      "lang": "es",
      "value": "En Mahara 23.04.8 y 24.04.4, el bloque de fuente RSS externa puede provocar XSS si el XML de la fuente externa tiene un valor malicioso para el atributo de enlace."
    }
  ],
  "id": "CVE-2024-45753",
  "lastModified": "2025-09-05T17:04:26.080",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-26T14:15:34.867",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://mahara.org"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9594"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-08-22 21:15
Modified
2025-09-05 17:07
Summary
Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A77837C-B28C-4AB9-8237-4BFD37CFEAE6",
              "versionEndExcluding": "21.10.6",
              "versionStartIncluding": "21.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5E92481-0669-40B6-B204-B6B4346EE473",
              "versionEndExcluding": "22.04.4",
              "versionStartIncluding": "22.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4A86D29-05F0-4808-B307-F0DEECA32E93",
              "versionEndExcluding": "22.10.1",
              "versionStartIncluding": "22.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload."
    },
    {
      "lang": "es",
      "value": "Mahara 21.10 (anterior a 21.10.6), 22.04 (anterior a 22.04.4) y 22.10 (anterior a 22.10.1) permiten la carga de fuentes no seguras para m\u00e1scaras. Un archivo XML especialmente estructurado podr\u00eda permitir el acceso al servidor a archivos seguros o provocar la ejecuci\u00f3n de c\u00f3digo bas\u00e1ndose en la payload."
    }
  ],
  "id": "CVE-2022-45133",
  "lastModified": "2025-09-05T17:07:49.530",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-22T21:15:30.637",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1995819"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9353"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-26"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages.
References
cve@mitre.org | https://bugs.launchpad.net/mahara/+bug/1447377 | Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mahara/+bug/1447377 | Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 1.9
mahara mahara 1.9.0
mahara mahara 1.9.1
mahara mahara 1.9.2
mahara mahara 1.9.3
mahara mahara 1.9.4
mahara mahara 1.9.5
mahara mahara 1.10
mahara mahara 1.10.0
mahara mahara 1.10.1
mahara mahara 1.10.2
mahara mahara 1.10.3
mahara mahara 15.04
mahara mahara 15.04
mahara mahara 15.04.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3852023-B803-418C-BA1D-9545C9FDC44B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8531F69-D7E5-403D-877C-6360C87F9C6D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23092107-1709-43B2-AC94-3A53474CBEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5925E46-8A92-4A67-A8F6-7DF05C34BB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A2AF4C-CF93-458D-9FBF-B89BF5425BD9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.9 anteriores a la 1.9.6, versiones 1.10 anteriores a la 1.10.4 y versiones 15.04 anteriores a la 15.04.1, es vulnerable a que un administrador del sitio o de la instituci\u00f3n pueda incluir c\u00f3digo HTML y JavaScript en el nombre visible de una instituci\u00f3n, que se mostrar\u00e1 sin escape en algunas p\u00e1ginas del sistema de Mahara a otros usuarios."
    }
  ],
  "id": "CVE-2017-1000144",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.683",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1447377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1447377"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-11-03 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara 1.0.4
mahara mahara 1.0.7
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "075F7F07-0600-4536-ACDC-B7E3CDA68842",
              "versionEndIncluding": "1.0.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en el resume blocktype en Mahara anterior a v1.0.13, y v1.1.x anterior a v1.1.7, permite a atacantes remotos inyectar secuencias de comandos web y HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2009-3299",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-11-03T16:30:12.530",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://eduforge.org/frs/shownotes.php?release_id=546"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://eduforge.org/frs/shownotes.php?release_id=547"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://mahara.org/interaction/forum/topic.php?id=1170"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37217"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37218"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1924"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/59583"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/36892"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://eduforge.org/frs/shownotes.php?release_id=546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://eduforge.org/frs/shownotes.php?release_id=547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mahara.org/interaction/forum/topic.php?id=1170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/59583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/36892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3101"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-05-07 14:29
Modified
2024-11-21 04:52
Summary
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DFA9054-9C40-4415-B723-732BBB7E8C85",
              "versionEndExcluding": "17.10.8",
              "versionStartIncluding": "17.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A60B16D5-4924-45E9-B71B-C8DF16C79360",
              "versionEndExcluding": "18.04.4",
              "versionStartIncluding": "18.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E63397-B5EF-485D-BA1A-6FDA3827C3AD",
              "versionEndExcluding": "18.10.1",
              "versionStartIncluding": "18.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection\u0027s SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user."
    },
    {
      "lang": "es",
      "value": "Fue encontrado un problema en Mahara  versi\u00f3n 17.10 anterior de 17.10.8, versi\u00f3n 18.04 anterior de 18.04.4 y versi\u00f3n 18.10 anterior de 18.10.1. El t\u00edtulo collection es vulnerable a Cross Site Scripting (XSS) debido a que no escapa al ver la p\u00e1gina de informaci\u00f3n general de collection\u0027s SmartEvidence (si esa funci\u00f3n est\u00e1 activada). Esto puede ser explotado por cualquier usuario registrado."
    }
  ],
  "id": "CVE-2019-9709",
  "lastModified": "2024-11-21T04:52:09.100",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-07T14:29:01.193",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/bugs/1819547"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/bugs/1819547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8446"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
In Mahara 15.04 before 15.04.8, 15.10 before 15.10.4, and 16.04 before 16.04.2, some authentication methods that do not use Mahara's built-in login form still allow users to log in even if their institution is expired or suspended.
References
cve@mitre.org | https://bugs.launchpad.net/mahara/+bug/1580399 | Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mahara/+bug/1580399 | Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 15.04
mahara mahara 15.04
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.04.7
mahara mahara 16.04
mahara mahara 16.04
mahara mahara 16.04.0
mahara mahara 16.04.1
mahara mahara 15.10.0
mahara mahara 15.10.1
mahara mahara 15.10.2
mahara mahara 15.10.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEC8639-ECF7-4479-B88E-EA3C3D7F6A0A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara\u0027s built-in login form, still allowing users to log in even if their institution was expired or suspended."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 15.04 anteriores a la 15.04.8, versiones 15.10 anteriores a la 15.10.4 y versiones 16.04 anteriores a la 16.04.2, es vulnerable a ciertos m\u00e9todos de autenticaci\u00f3n que no utilizan los formularios de inicio de sesi\u00f3n integrados en Mahara, lo que permite que los usuarios puedan iniciar sesi\u00f3n incluso cuando su instituci\u00f3n ha caducado o se ha suspendido."
    }
  ],
  "id": "CVE-2017-1000154",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:01.057",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1580399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1580399"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-11-07 21:15
Modified
2024-11-21 01:49
Summary
Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor.
Impacted products
Vendor Product Version
mahara mahara * (before 1.5.9)
mahara mahara * (from 1.6.0, before 1.6.4)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68DD3719-C6F9-4B33-8E84-78CE8053CD98",
              "versionEndExcluding": "1.5.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77A61F28-4EDC-4310-A7C6-C3A533358EE2",
              "versionEndExcluding": "1.6.4",
              "versionStartIncluding": "1.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor."
    },
    {
      "lang": "es",
      "value": "Un ataque de tipo Cross-site Scripting (XSS) en Mahara versiones anteriores a 1.5.9 y versiones 1.6.x anteriores a 1.6.4, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del editor TinyMCE."
    }
  ],
  "id": "CVE-2013-1426",
  "lastModified": "2024-11-21T01:49:33.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-07T21:15:10.533",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1153423"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=5365"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2013-1426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1153423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=5365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2013-1426"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-11-24 20:55
Modified
2025-04-11 00:51
Summary
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
Impacted products
Vendor Product Version
mahara mahara * (from 1.4.0, before 1.4.4)
mahara mahara * (from 1.5.0, before 1.5.3)
debian debian_linux 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "611F8B3B-24B5-48F5-8B00-34D963456F31",
              "versionEndExcluding": "1.4.4",
              "versionStartIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9347221B-9020-44E1-B9E7-13C95FBD8633",
              "versionEndExcluding": "1.5.3",
              "versionStartIncluding": "1.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php."
    },
    {
      "lang": "es",
      "value": "Mahara v1.4.x anterior a v1.4.4 y v1.5.x anterior a v1.5.3 permite a atacantes remotos leer archivos arbitrarios o crear conexiones TCP a trav\u00e9s de un ataque de inyecci\u00f3n en una  entidad XML externa (XXE), como se demuestra por la lectura de config.php."
    }
  ],
  "id": "CVE-2012-2239",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2012-11-24T20:55:02.087",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1047111"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1047111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4869"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-31 18:29
Modified
2025-04-20 01:37
Summary
An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the 'mahara' cookie to the old value, they can get access to the user's account.
References
cve@mitre.org | https://bugs.launchpad.net/mahara/+bug/1701978 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mahara/+bug/1701978 | Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 15.04 rc1
mahara mahara 15.04 rc2
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.04.7
mahara mahara 15.04.8
mahara mahara 15.04.9
mahara mahara 15.04.10
mahara mahara 15.04.11
mahara mahara 15.04.12
mahara mahara 15.04.13
mahara mahara 16.04 rc1
mahara mahara 16.04 rc2
mahara mahara 16.04.0
mahara mahara 16.04.1
mahara mahara 16.04.2
mahara mahara 16.04.3
mahara mahara 16.04.4
mahara mahara 16.04.5
mahara mahara 16.04.6
mahara mahara 16.04.7
mahara mahara 16.10 rc1
mahara mahara 16.10 rc2
mahara mahara 16.10.0
mahara mahara 16.10.1
mahara mahara 16.10.2
mahara mahara 16.10.3
mahara mahara 16.10.4
mahara mahara 17.04 rc1
mahara mahara 17.04 rc2
mahara mahara 17.04.0
mahara mahara 17.04.1
mahara mahara 17.04.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2D2EDD-0072-45A5-9FF6-BF4616109DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ECDD170-7B22-4F4E-AF8C-BF7698A92FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5FF82A5-DF51-4719-9940-85A0E4AF4626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3605A76D-1C09-4998-B387-FE7BED77B2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0D2C52-AFA4-4C35-8D8A-76AB94292E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB396B0-459E-4C15-9813-980F35C4C44D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A96D5-CF12-470B-8ADE-183F09D57262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "76D70CE2-AEA2-47B0-83D6-3F8A6E949D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9BD9F88-E643-4CF5-A426-82B2D6133F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F2D3A9-81B1-42E3-AF72-FBA985C48650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D050E953-88B1-40F7-98A8-B6A026292B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "12CDBF96-CFA2-4941-A9D9-C618A2A1D08D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0C590A8C-43CB-4B22-9F33-FD8BB01DCF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1F4DF3D9-A46D-4933-84FB-8179651C5B3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D642FA0-D977-4157-B379-3BBA86D80D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D2BD22-57F7-4594-AE5F-426AA1D74BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5712D88-9218-4E7D-977C-07755D1B0D8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA26090-2ED4-453D-85AA-46ED4E00DFE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29F2B552-479F-4EEA-858B-2920E14BF5C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0E4968B1-0D09-4449-B2A8-22B8C4B4346D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68A1A68E-704F-49C9-B07A-23C1B69A0966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F30A3C-0BAA-45F8-A1D2-3FD8D381A1FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "262C2C07-CFDB-42A0-8896-758F1FF5BE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "265120A4-CD21-425B-9272-06EB68654A80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the \u0027mahara\u0027 cookie to the old value, they can get access to the user\u0027s account."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Mahara, en versiones anteriores a la 15.04.14, versiones 16.x anteriores a la 16.04.8, versiones 16.10.x anteriores a la 16.10.5 y versiones 17.x anteriores a la 17.04.3. Cuando un usuario cierra el navegador sin cerrar sesi\u00f3n en Mahara, no se elimina el valor en la tabla usr_session. Si alguien fuese a abrir un navegador, visitar el sitio de Mahara y ajustar la cookie \"Mahara\" al valor antiguo, podr\u00eda obtener acceso a la cuenta del usuario."
    }
  ],
  "id": "CVE-2017-14163",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-31T18:29:00.250",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1701978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1701978"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of JavaScript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages.
References
cve@mitre.org | https://bugs.launchpad.net/mahara/+bug/1472439 | Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mahara/+bug/1472439 | Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 1.9 rc1
mahara mahara 1.9.0
mahara mahara 1.9.1
mahara mahara 1.9.2
mahara mahara 1.9.3
mahara mahara 1.9.4
mahara mahara 1.9.5
mahara mahara 1.9.6
mahara mahara 1.10 rc1
mahara mahara 1.10.0
mahara mahara 1.10.1
mahara mahara 1.10.2
mahara mahara 1.10.3
mahara mahara 1.10.4
mahara mahara 15.04 rc1
mahara mahara 15.04 rc2
mahara mahara 15.04.0
mahara mahara 15.04.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3852023-B803-418C-BA1D-9545C9FDC44B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8531F69-D7E5-403D-877C-6360C87F9C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C68FBF-5176-4FE9-BAEF-43AE316F4B00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23092107-1709-43B2-AC94-3A53474CBEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5925E46-8A92-4A67-A8F6-7DF05C34BB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A2AF4C-CF93-458D-9FBF-B89BF5425BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBAB23C-F0F7-4267-8803-9B8ED17145B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.9 anteriores a la 1.9.7, versiones 1.10 anteriores a la 1.10.5 y versiones 15.04 anteriores a la 15.04.2, es vulnerable a la ejecuci\u00f3n arbitraria de c\u00f3digo JavaScript en el navegador de un usuario que haya iniciado sesi\u00f3n, debido a que el t\u00edtulo del portfolio no se escap\u00f3 correctamente en el script AJAX que actualiza el enlace Add/remove (A\u00f1adir/eliminar) de la lista de actividades en p\u00e1ginas de detalles de artefactos."
    }
  ],
  "id": "CVE-2017-1000146",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.760",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1472439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1472439"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings.
References
cve@mitre.org | https://bugs.launchpad.net/mahara/+bug/1570744 | Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mahara/+bug/1570744 | Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 15.04
mahara mahara 15.04
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.10.0
mahara mahara 15.10.1
mahara mahara 15.10.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user\u0027s account settings."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 15.04 anteriores a la 15.04.7 y versiones 15.10 anteriores a la 15.10.3 que ejecuten PHP 5.3, es vulnerable a que un usuario inicie sesi\u00f3n como otro usuario en un ordenador diferente debido a que se sirve el mismo ID de sesi\u00f3n. Esta situaci\u00f3n puede tener lugar cuando un usuario realiza una acci\u00f3n que fuerza a que otro usuario cierre sesi\u00f3n en Mahara. Por ejemplo, si un administrador modifica los ajustes de cuenta de otro usuario."
    }
  ],
  "id": "CVE-2017-1000152",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.980",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1570744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1570744"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-08-26 21:15
Modified
2025-09-05 16:59
Summary
Mahara before 22.10.6, 23.04.x before 23.04.6, and 24.04.x before 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CA05FEA-4292-4E27-9A92-93DFD7F65912",
              "versionEndExcluding": "22.10.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F0A0C60-D0B4-4EAB-919B-1426E8084E8F",
              "versionEndExcluding": "23.04.6",
              "versionStartIncluding": "23.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "255904C8-8388-4E84-BA1C-6805674FF1D3",
              "versionEndExcluding": "24.04.1",
              "versionStartIncluding": "24.04.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system."
    },
    {
      "lang": "es",
      "value": "Mahara anterior a 22.10.6, 23.04.6 y 24.04.1 permite cross-site scripting (XSS) a trav\u00e9s de un archivo, con c\u00f3digo JavaScript como parte de su nombre, que se carga mediante el sistema de exploraci\u00f3n de archivos de Mahara."
    }
  ],
  "id": "CVE-2024-35203",
  "lastModified": "2025-09-05T16:59:11.387",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-26T21:15:47.060",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://git.mahara.org/catalyst-security/mahara-security/-/merge_requests/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9519"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-04-23 17:30
Modified
2025-04-09 00:30
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view.
Impacted products
Vendor Product Version
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Mahara la v1.0.x anteriores a v1.0.11 y la v1.1.x anteriores a v1.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a trav\u00e9s (1) el campo \"introduction\" en el perfil de usuario o (2) un bloque de texto arbitrario en la vista de usuario."
    }
  ],
  "id": "CVE-2009-0664",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-04-23T17:30:01.670",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://mahara.org/interaction/forum/topic.php?id=532"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/53891"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/53892"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34789"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34871"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2009/dsa-1778"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34677"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mahara.org/interaction/forum/topic.php?id=532"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/53891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/53892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2009/dsa-1778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34677"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-12-17 18:15
Modified
2024-11-21 01:38
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
debian debian_linux 6.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAB1A703-DD09-4A0A-AEE7-39C1CBF10063",
              "versionEndExcluding": "1.4.3",
              "versionStartIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD7F4F89-A901-4FE0-AEEF-9148AF466CFB",
              "versionEndExcluding": "1.5.2",
              "versionStartIncluding": "1.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en Mahara versiones 1.4.x anteriores a la versi\u00f3n 1.4.3 y versiones 1.5.x anteriores a la versi\u00f3n  1.5.2, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores relacionados con (1) javascript innerHTML como es usado cuando se generan formularios de inicio de sesi\u00f3n, (2) enlaces o (3) URL de recursos, y (4) el nombre Display en un perfil de usuario."
    }
  ],
  "id": "CVE-2012-2237",
  "lastModified": "2024-11-21T01:38:44.913",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-17T18:15:12.637",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2540"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1009774"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1009777"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1009784"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1009774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1009777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1009784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4748"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-31 18:29
Modified
2025-04-20 01:37
Summary
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potentially dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.
Impacted products
Vendor Product Version
mahara mahara 15.04
mahara mahara 15.04
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.04.7
mahara mahara 15.04.8
mahara mahara 15.04.9
mahara mahara 15.04.10
mahara mahara 15.04.11
mahara mahara 15.04.12
mahara mahara 15.04.13
mahara mahara 15.04.15
mahara mahara 16.04
mahara mahara 16.04
mahara mahara 16.04.0
mahara mahara 16.04.1
mahara mahara 16.04.2
mahara mahara 16.04.3
mahara mahara 16.04.4
mahara mahara 16.04.5
mahara mahara 16.04.6
mahara mahara 16.04.7
mahara mahara 16.04.8
mahara mahara 16.10
mahara mahara 16.10
mahara mahara 16.10.0
mahara mahara 16.10.1
mahara mahara 16.10.2
mahara mahara 16.10.3
mahara mahara 16.10.4
mahara mahara 16.10.5
mahara mahara 17.04
mahara mahara 17.04
mahara mahara 17.04.0
mahara mahara 17.04.1
mahara mahara 17.04.2
mahara mahara 17.04.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2D2EDD-0072-45A5-9FF6-BF4616109DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ECDD170-7B22-4F4E-AF8C-BF7698A92FBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5FF82A5-DF51-4719-9940-85A0E4AF4626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "3605A76D-1C09-4998-B387-FE7BED77B2B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF0D2C52-AFA4-4C35-8D8A-76AB94292E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB396B0-459E-4C15-9813-980F35C4C44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "35EC92CA-00D6-482A-94FE-3FA0A962B6C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A96D5-CF12-470B-8ADE-183F09D57262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "76D70CE2-AEA2-47B0-83D6-3F8A6E949D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9BD9F88-E643-4CF5-A426-82B2D6133F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F2D3A9-81B1-42E3-AF72-FBA985C48650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D050E953-88B1-40F7-98A8-B6A026292B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "12CDBF96-CFA2-4941-A9D9-C618A2A1D08D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5065A264-DB58-4A3F-984D-D3B45195F4B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0C590A8C-43CB-4B22-9F33-FD8BB01DCF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1F4DF3D9-A46D-4933-84FB-8179651C5B3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D642FA0-D977-4157-B379-3BBA86D80D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D2BD22-57F7-4594-AE5F-426AA1D74BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5712D88-9218-4E7D-977C-07755D1B0D8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA26090-2ED4-453D-85AA-46ED4E00DFE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29F2B552-479F-4EEA-858B-2920E14BF5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65F7A0FD-5C12-4A49-B5FE-E8C8C88C2496",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0E4968B1-0D09-4449-B2A8-22B8C4B4346D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "68A1A68E-704F-49C9-B07A-23C1B69A0966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F30A3C-0BAA-45F8-A1D2-3FD8D381A1FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "262C2C07-CFDB-42A0-8896-758F1FF5BE93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "265120A4-CD21-425B-9272-06EB68654A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:17.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEC2D1CB-72FA-445B-BDF2-88ED633B19D7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potentially dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 15.04 anteriores a la 15.04.15, versiones 16.04 anteriores a la 16.04.9, versiones 16.10 anteriores a la 16.10.6 y versiones 17.04 anteriores a la 17.04.4, es vulnerable a que un usuario env\u00ede un payload potencialmente peligroso (como c\u00f3digo XSS) para que se guarde como t\u00edtulos en artefactos internos."
    }
  ],
  "id": "CVE-2017-15273",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-31T18:29:00.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1719472"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1719480"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1720034"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1719472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1719480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1720034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8081"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
References
cve@mitre.org | https://bugs.launchpad.net/mahara/+bug/1363873 | Exploit, Issue Tracking, Mitigation, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mahara/+bug/1363873 | Exploit, Issue Tracking, Mitigation, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 1.8
mahara mahara 1.8
mahara mahara 1.8.0
mahara mahara 1.8.1
mahara mahara 1.8.2
mahara mahara 1.8.3
mahara mahara 1.8.4
mahara mahara 1.8.5
mahara mahara 1.9
mahara mahara 1.9.0
mahara mahara 1.9.1
mahara mahara 1.9.2
mahara mahara 1.9.3
mahara mahara 1.10
mahara mahara 1.10.0
mahara mahara 15.04
mahara mahara 15.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "46815EDD-C3F1-4B87-AC7F-9CCB9DDFF5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7A2E3A2C-80F5-477E-BAC3-8217A71A367B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "795681EE-1AE9-4451-9C65-7EDF39D8D92A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F877AEB-A0F7-48D6-9094-09F12709D6AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37164355-787F-43A0-A9BD-F4E56762940F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0EE103-8CDB-43CF-975F-A07762F0E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD8ADD1-C3AE-47DE-9FE2-48094ABDE3FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "871F1DFC-3977-4C6A-80AA-7E4131678215",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.8 anteriores a la 1.8.6, versiones 1.9 anteriores a la 1.9.4, versiones 1.10 anteriores a la 1.10.1 y versiones 15.04 anteriores a la 15.04.0, es vulnerable a que no se invaliden las sesiones antiguas despu\u00e9s de un cambio de contrase\u00f1a."
    }
  ],
  "id": "CVE-2017-1000136",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.387",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Mitigation",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1363873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Mitigation",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1363873"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-11-02 22:15
Modified
2024-11-21 06:28
Summary
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additionally, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara *
mahara mahara *
mahara mahara *
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1DDE4C7-FE22-41A8-AB98-F410A470268E",
              "versionEndExcluding": "20.04.5",
              "versionStartIncluding": "20.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54ED5D80-651C-4B0E-81AC-DB23BF6DFCF9",
              "versionEndExcluding": "20.10.3",
              "versionStartIncluding": "20.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEE88DE-CD36-4F04-AB37-D155FABD12B8",
              "versionEndExcluding": "21.04.2",
              "versionStartIncluding": "21.04.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C119B6-0D83-4E30-87E4-166B0BD7D578",
              "versionEndExcluding": "20.10.4",
              "versionStartIncluding": "20.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B80E157F-FBE3-46EB-80F5-CBE01BD54434",
              "versionEndExcluding": "21.04.3",
              "versionStartIncluding": "21.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "162501DE-B42B-4684-8908-DCC34741B358",
              "versionEndExcluding": "21.10.1",
              "versionStartIncluding": "21.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additionally, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution."
    },
    {
      "lang": "es",
      "value": "En Mahara versiones anteriores a 20.04.5, 20.10.3, 21.04.2, y 21.10.0, la exportaci\u00f3n de colecciones por medio de la exportaci\u00f3n de PDF pod\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo por medio de metacaracteres de shell en el nombre de una colecci\u00f3n. Adem\u00e1s, versiones anteriores a  20.10.4, 21.04.3 y 21.10.1, la exportaci\u00f3n de colecciones por medio de la exportaci\u00f3n de PDF podr\u00eda provocar la ejecuci\u00f3n del c\u00f3digo."
    }
  ],
  "id": "CVE-2021-43266",
  "lastModified": "2024-11-21T06:28:57.177",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-11-02T22:15:09.103",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1942903"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1949527"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8952"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1942903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1949527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8995"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-08-07 20:15
Modified
2024-11-21 05:06
Summary
In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EE858E7-6055-4E0D-808B-052B48058CE7",
              "versionEndExcluding": "19.04.6",
              "versionStartIncluding": "19.04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BF8875D-4FA6-42CE-BF30-D2A3BBFF6F8C",
              "versionEndExcluding": "19.10.4",
              "versionStartIncluding": "19.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6A86F5-9D26-4490-AF80-4C578C8CD2A2",
              "versionEndExcluding": "20.04.1",
              "versionStartIncluding": "20.04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript."
    },
    {
      "lang": "es",
      "value": "En Mahara versiones 19.04 anteriores a 19.04.6, versiones 19.10 anteriores a 19.10.4 y versiones 20.04 anteriores a 20.04.1, determinados lugares pod\u00edan ejecutar nombres de archivos o carpetas que contienen JavaScript"
    }
  ],
  "id": "CVE-2020-15907",
  "lastModified": "2024-11-21T05:06:25.623",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-07T20:15:12.437",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1888163"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1888163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8668"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-11-09 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.0.14
mahara mahara 1.0.15
mahara mahara 1.1
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.1.9
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4
mahara mahara 1.2.5
mahara mahara 1.2.6
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAEEE934-08EC-4676-97CE-6C9372845EAC",
              "versionEndIncluding": "1.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6E53AF-528E-4FCA-9A14-762015D39D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04D0414-78B8-4110-A05D-E3D42C46607C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "199ABBC1-BBAC-41BA-B70F-7B95C99D9B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DDF54D-8919-45F2-8B23-B5B1AD2FEE85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A0B2A1-A3AB-4EFC-BE3D-57D38B315107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "016E86B6-B450-499B-852C-A68803127936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en blocktype/groupviews/theme/raw/groupviews.tpl en Mahara anterior a v1.3.3 permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados. NOTA: algunos de estos detalles han sido obtenidos de terceras partes."
    }
  ],
  "id": "CVE-2010-3871",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-11-09T21:00:05.850",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42152"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.mahara.org/Release_Notes/1.3.3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/44705"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.3.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/44705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63052"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
References
cve@mitre.org | https://bugs.launchpad.net/mahara/+bug/1267686 | Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mahara/+bug/1267686 | Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 1.8
mahara mahara 1.8
mahara mahara 1.8.0
mahara mahara 1.8.1
mahara mahara 1.8.2
mahara mahara 1.8.3
mahara mahara 1.8.4
mahara mahara 1.8.5
mahara mahara 1.9
mahara mahara 1.9.0
mahara mahara 1.9.1
mahara mahara 1.9.2
mahara mahara 1.9.3
mahara mahara 1.10
mahara mahara 1.10.0
mahara mahara 15.04
mahara mahara 15.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "46815EDD-C3F1-4B87-AC7F-9CCB9DDFF5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7A2E3A2C-80F5-477E-BAC3-8217A71A367B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "795681EE-1AE9-4451-9C65-7EDF39D8D92A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F877AEB-A0F7-48D6-9094-09F12709D6AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37164355-787F-43A0-A9BD-F4E56762940F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0EE103-8CDB-43CF-975F-A07762F0E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD8ADD1-C3AE-47DE-9FE2-48094ABDE3FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "871F1DFC-3977-4C6A-80AA-7E4131678215",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.8 anteriores a la 1.8.6, versiones 1.9 anteriores a la 1.9.4, versiones 1.10 anteriores a la 1.10.1 y versiones 15.04 anteriores a la 15.04.0, es vulnerable debido a que los miembros del grupo pueden perder acceso a los archivos del grupo que subieron si otro miembro cambia sus permisos."
    }
  ],
  "id": "CVE-2017-1000134",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.307",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1267686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1267686"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-07-06 17:17
Modified
2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Impacted products
Vendor Product Version
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en Mahara v1.1.x anterior a v1.1.9 y v1.2.x anterior v1.2.5 permite a los atacantes remotos ejecutar a su elecci\u00f3n comandos SQL a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2010-1669",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-07-06T17:17:14.657",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40431"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/41319"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/41319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59995"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.
References
cve@mitre.org https://bugs.launchpad.net/mahara/+bug/1600069 Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.launchpad.net/mahara/+bug/1600069 Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 15.04
mahara mahara 15.04
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.04.7
mahara mahara 16.04
mahara mahara 16.04
mahara mahara 16.04.0
mahara mahara 16.04.1
mahara mahara 15.10.0
mahara mahara 15.10.1
mahara mahara 15.10.2
mahara mahara 15.10.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEC8639-ECF7-4479-B88E-EA3C3D7F6A0A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user\u0027s uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the \"default\" or used in any pages."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 15.04 anteriores a la 15.04.8, versiones 15.10 anteriores a la 15.10.4 y versiones 16.04 anteriores a la 16.04.2, es vulnerable a que se acceda a fotos de perfil sin ninguna verificaci\u00f3n de control de acceso. Como consecuencia, esto permite que cualquier usuario pueda visualizar las fotos de perfil subidas por los otros usuarios, tanto si est\u00e1n establecidas como foto por defecto, como si se utilizan en cualquier p\u00e1gina."
    }
  ],
  "id": "CVE-2017-1000155",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:01.090",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1600069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1600069"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable because session IDs are prevented from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.
References
cve@mitre.org https://bugs.launchpad.net/mahara/+bug/1567784 Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.launchpad.net/mahara/+bug/1567784 Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 15.04
mahara mahara 15.04
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.10.0
mahara mahara 15.10.1
mahara mahara 15.10.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable because session IDs are prevented from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 15.04 anteriores a la 15.04.7 y versiones 15.10 anteriores a la 15.10.3, es vulnerable a que se evite que los ID de sesi\u00f3n se regeneren en el inicio o el cierre de sesi\u00f3n. Esto hace que los usuarios del sitio sean m\u00e1s vulnerables a ataques de fijaci\u00f3n de sesi\u00f3n."
    }
  ],
  "id": "CVE-2017-1000150",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.903",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1567784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1567784"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
References
cve@mitre.org https://bugs.launchpad.net/mahara/+bug/1348024 Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.launchpad.net/mahara/+bug/1348024 Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 1.8
mahara mahara 1.8
mahara mahara 1.8.0
mahara mahara 1.8.1
mahara mahara 1.8.2
mahara mahara 1.8.3
mahara mahara 1.8.4
mahara mahara 1.8.5
mahara mahara 1.8.6
mahara mahara 1.9
mahara mahara 1.9.0
mahara mahara 1.9.1
mahara mahara 1.9.2
mahara mahara 1.9.3
mahara mahara 1.9.4
mahara mahara 1.10
mahara mahara 1.10.0
mahara mahara 1.10.1
mahara mahara 1.10.2
mahara mahara 15.04
mahara mahara 15.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "46815EDD-C3F1-4B87-AC7F-9CCB9DDFF5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7A2E3A2C-80F5-477E-BAC3-8217A71A367B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "795681EE-1AE9-4451-9C65-7EDF39D8D92A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F877AEB-A0F7-48D6-9094-09F12709D6AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37164355-787F-43A0-A9BD-F4E56762940F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0EE103-8CDB-43CF-975F-A07762F0E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD8ADD1-C3AE-47DE-9FE2-48094ABDE3FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "871F1DFC-3977-4C6A-80AA-7E4131678215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE9C9686-29B7-4212-9BAD-E04FE0EB8B02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3852023-B803-418C-BA1D-9545C9FDC44B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23092107-1709-43B2-AC94-3A53474CBEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5925E46-8A92-4A67-A8F6-7DF05C34BB55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.8 anteriores a la 1.8.7, versiones 1.9 anteriores a la 1.9.5, versiones 1.10 anteriores a la 1.10.3 y versiones 15.04 anteriores a la 15.04.0, es vulnerable debido a que los usuarios que han iniciado sesi\u00f3n pueden permanecer con la sesi\u00f3n iniciada despu\u00e9s de que se suspenda la instituci\u00f3n a la que pertenecen"
    }
  ],
  "id": "CVE-2017-1000135",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.357",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1348024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1348024"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-11-15 03:57
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.0.14
mahara mahara 1.0.15
mahara mahara 1.1
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.1.9
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4
mahara mahara 1.2.5
mahara mahara 1.2.6
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.1
mahara mahara 1.3.2
mahara mahara 1.3.3
mahara mahara 1.3.4
mahara mahara 1.3.5
mahara mahara 1.3.6
mahara mahara 1.3.7
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EA11E8-5A54-4A4B-BB70-E8F2CE243169",
              "versionEndIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6E53AF-528E-4FCA-9A14-762015D39D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04D0414-78B8-4110-A05D-E3D42C46607C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "199ABBC1-BBAC-41BA-B70F-7B95C99D9B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DDF54D-8919-45F2-8B23-B5B1AD2FEE85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A0B2A1-A3AB-4EFC-BE3D-57D38B315107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "016E86B6-B450-499B-852C-A68803127936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41ED313-9CB3-4BBB-9FAF-737FFE7CBD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262773C-58A6-4706-B5A2-5C60EC798A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9525B6E-A870-499E-9E73-FEBB3880ADC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF82733-11FD-41CB-9D5C-A81D891AD57D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BC3515E-0923-40D8-A026-833DCAE47648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17F7E30-71E4-41FC-883C-9E5DBF659A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Mahara anterior a v1.4.1 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que a\u00f1aden un usuario a \"institution\"."
    }
  ],
  "id": "CVE-2011-2773",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-11-15T03:57:56.537",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46719"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2334"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/mahara/+bug/800032"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.4.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/mahara/+bug/800032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.4.1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-08-26 14:15
Modified
2025-09-22 16:15
Summary
An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI).
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "402D24E6-C713-4FCA-B087-25EE7D35A147",
              "versionEndExcluding": "23.04.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE3AA4BB-0073-44DC-8E37-D62399B750A9",
              "versionEndExcluding": "24.04.5",
              "versionStartIncluding": "24.04.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI)."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Mahara 23.04.8 y 24.04.4. Los atacantes podr\u00edan usar la escalada de privilegios en ciertos casos al iniciar sesi\u00f3n en Mahara con Learning Tools Interoperability (LTI)."
    }
  ],
  "id": "CVE-2024-47853",
  "lastModified": "2025-09-22T16:15:38.153",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-26T14:15:35.037",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9594"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.mahara.org"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.
References
cve@mitre.org — https://bugs.launchpad.net/mahara/+bug/1084336 — Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 — https://bugs.launchpad.net/mahara/+bug/1084336 — Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 15.04
mahara mahara 15.04
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.04.7
mahara mahara 16.04
mahara mahara 16.04
mahara mahara 16.04.0
mahara mahara 16.04.1
mahara mahara 15.10.0
mahara mahara 15.10.1
mahara mahara 15.10.2
mahara mahara 15.10.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEC8639-ECF7-4479-B88E-EA3C3D7F6A0A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 15.04 anteriores a la 15.04.8, versiones 15.10 anteriores a la 15.10.4 y versiones 16.04 anteriores a la 16.04.2, es vulnerable a que los usuarios permanezcan con la sesi\u00f3n iniciada en su cuenta de Mahara incluso cuando hayan cerrado sesi\u00f3n en Moodle (cuando se utiliza MNet), debido a que Mahara no implementaba correctamente una de las funciones de la API de SSO MNet."
    }
  ],
  "id": "CVE-2017-1000131",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.200",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1084336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1084336"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-31 23:15
Modified
2024-11-21 06:00
Summary
Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox.
Impacted products
Vendor Product Version
mahara mahara 20.10



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:20.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "39EBBE51-0365-49FD-9504-C42AC8EA8477",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox."
    },
    {
      "lang": "es",
      "value": "Mahara versi\u00f3n 20.10 est\u00e1 afectado por una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) que permite a un atacante remoto eliminar el correo de la bandeja de entrada del servidor. La aplicaci\u00f3n no valida el token CSRF para una petici\u00f3n POST. Un atacante puede crear una petici\u00f3n de pieform_delete_all_notifications del archivo module/multirecipientnotification/inbox.php, que conlleva a eliminar todos los mensajes de un buz\u00f3n."
    }
  ],
  "id": "CVE-2021-29349",
  "lastModified": "2024-11-21T06:00:58.743",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-31T23:15:11.827",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/0xBaz/CVE-2021-29349/issues/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/0xBaz/CVE-2021-29349/issues/1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-11-06 17:15
Modified
2025-05-02 19:15
Summary
Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.
Impacted products
Vendor Product Version
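mahara mahara * (from 21.04.0 up to, but not including, 21.04.7)
mahara mahara * (from 21.10.0 up to, but not including, 21.10.5)
mahara mahara * (from 22.04.0 up to, but not including, 22.04.3)
mahara mahara 22.10.0 (rc1)
canonical ubuntu_linux 18.04 (platform the affected Mahara runs on; not itself marked vulnerable)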



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29BF62C0-9CEF-4EBF-B635-67F416C2F692",
              "versionEndExcluding": "21.04.7",
              "versionStartIncluding": "21.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4113D84F-96F1-4185-BD2A-65F4B444BFD1",
              "versionEndExcluding": "21.10.5",
              "versionStartIncluding": "21.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC3CBE95-58A0-407F-805F-5FA142197EA5",
              "versionEndExcluding": "22.04.3",
              "versionStartIncluding": "22.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:22.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "382558E9-D245-4AA5-ABE8-3CBDEA139099",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85E9B9B-ADDB-4D2F-A857-685BD30CE856",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript."
    },
    {
      "lang": "es",
      "value": "Mahara 21.04 antes de 21.04.7, 21.10 antes de 21.10.5, 22.04 antes de 22.04.3 y 22.10 antes de 22.10.0 potencialmente permiten que una exportaci\u00f3n de PDF active un shell remoto si el sitio se ejecuta en Ubuntu y el indicador -dSAFER no est\u00e1 configurado con Ghostscript."
    }
  ],
  "id": "CVE-2022-44544",
  "lastModified": "2025-05-02T19:15:54.950",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-11-06T17:15:10.220",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1979575"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1979575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9198"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.
References
cve@mitre.org https://bugs.launchpad.net/mahara/+bug/1429647 Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.launchpad.net/mahara/+bug/1429647 Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 1.8
mahara mahara 1.8
mahara mahara 1.8.0
mahara mahara 1.8.1
mahara mahara 1.8.2
mahara mahara 1.8.3
mahara mahara 1.8.4
mahara mahara 1.8.5
mahara mahara 1.8.6
mahara mahara 1.9
mahara mahara 1.9.0
mahara mahara 1.9.1
mahara mahara 1.9.2
mahara mahara 1.9.3
mahara mahara 1.9.4
mahara mahara 1.10
mahara mahara 1.10.0
mahara mahara 1.10.1
mahara mahara 1.10.2
mahara mahara 15.04
mahara mahara 15.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "46815EDD-C3F1-4B87-AC7F-9CCB9DDFF5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7A2E3A2C-80F5-477E-BAC3-8217A71A367B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "795681EE-1AE9-4451-9C65-7EDF39D8D92A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F877AEB-A0F7-48D6-9094-09F12709D6AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37164355-787F-43A0-A9BD-F4E56762940F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0EE103-8CDB-43CF-975F-A07762F0E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD8ADD1-C3AE-47DE-9FE2-48094ABDE3FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "871F1DFC-3977-4C6A-80AA-7E4131678215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE9C9686-29B7-4212-9BAD-E04FE0EB8B02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3852023-B803-418C-BA1D-9545C9FDC44B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23092107-1709-43B2-AC94-3A53474CBEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5925E46-8A92-4A67-A8F6-7DF05C34BB55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.8 anteriores a la 1.8.7, versiones 1.9 anteriores a la 1.9.5, versiones 1.10 anteriores a la 1.10.3 y versiones 15.04 anteriores a la 15.04.0, es vulnerable a que los usuarios reciban notificaciones de lista de actividades sobre p\u00e1ginas a las que ya no tienen acceso."
    }
  ],
  "id": "CVE-2017-1000143",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.653",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1429647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1429647"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-02-20 22:29
Modified
2024-11-21 03:17
Summary
Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present.
Impacted products
Vendor Product Version
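mahara mahara * (from 16.10.0 up to, but not including, 16.10.7)
mahara mahara * (from 17.04.0 up to, but not including, 17.04.5)
mahara mahara * (from 17.10.0 up to, but not including, 17.10.2)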



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC68C57-F2E1-4E20-9E38-99D3218BAC96",
              "versionEndExcluding": "16.10.7",
              "versionStartIncluding": "16.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00BD0F18-7087-4D31-B8E0-159F79C4B13E",
              "versionEndExcluding": "17.04.5",
              "versionStartIncluding": "17.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "892E2FAA-F01B-432E-9473-774949895AD7",
              "versionEndExcluding": "17.10.2",
              "versionStartIncluding": "17.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present."
    },
    {
      "lang": "es",
      "value": "Mahara 16.10 en versiones anteriores a la 16.10.7, versiones 17.04 anteriores a la 17.04.5 y versiones 17.10 anteriores a la 17.10.2 es vulnerable a ser forzado, mediante un ataque Man-in-the-Middle (MitM), a interactuar con Mahara en el protocolo HTTP en lugar de HTTPS, incluso aunque haya un certificado SSL."
    }
  ],
  "id": "CVE-2017-17455",
  "lastModified": "2024-11-21T03:17:57.877",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-20T22:29:00.283",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1734767"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8150"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://reviews.mahara.org/#/c/8312/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1734767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://reviews.mahara.org/#/c/8312/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open())
References
cve@mitre.org https://bugs.launchpad.net/mahara/+bug/1558361 Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.launchpad.net/mahara/+bug/1558361 Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 15.10
mahara mahara 15.10
mahara mahara 15.10.0
mahara mahara 15.10.1
mahara mahara 1.10
mahara mahara 1.10.0
mahara mahara 1.10.1
mahara mahara 1.10.2
mahara mahara 1.10.3
mahara mahara 1.10.4
mahara mahara 1.10.5
mahara mahara 1.10.6
mahara mahara 1.10.7
mahara mahara 1.10.8
mahara mahara 15.04
mahara mahara 15.04
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8C8B1304-EDDD-4DF0-A06A-77E4D086BF51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74223CFD-B317-48A4-A085-CAF77422D51D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23092107-1709-43B2-AC94-3A53474CBEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5925E46-8A92-4A67-A8F6-7DF05C34BB55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A2AF4C-CF93-458D-9FBF-B89BF5425BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBAB23C-F0F7-4267-8803-9B8ED17145B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A1F9F0-2585-4A7D-8C78-3E935CC78E67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA92FA6-5AC2-43A6-8D36-F4AB8A00F098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1635B26-478B-4617-964B-1DC73A7910FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "702EFF99-3629-461C-8E2E-BB72958DB931",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target=\"_blank\" and window.open())"
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.10 anteriores a la 1.10.9, versiones 15.04 anteriores a la 15.04.6 y versiones 15.10 anteriores a la 15.10.2, es vulnerable a XSS debido a window.opener (target=\"_blank\" y window.open())"
    }
  ],
  "id": "CVE-2017-1000149",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.870",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1558361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1558361"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-11-15 03:57
Modified
2025-04-11 00:51
Severity ?
Summary
Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target.
Impacted products
Vendor Product Version
mahara mahara * (up to and including 1.4.0)
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.0.14
mahara mahara 1.0.15
mahara mahara 1.1
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.1.9
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4
mahara mahara 1.2.5
mahara mahara 1.2.6
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.1
mahara mahara 1.3.2
mahara mahara 1.3.3
mahara mahara 1.3.4
mahara mahara 1.3.5
mahara mahara 1.3.6
mahara mahara 1.3.7
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EA11E8-5A54-4A4B-BB70-E8F2CE243169",
              "versionEndIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6E53AF-528E-4FCA-9A14-762015D39D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04D0414-78B8-4110-A05D-E3D42C46607C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "199ABBC1-BBAC-41BA-B70F-7B95C99D9B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DDF54D-8919-45F2-8B23-B5B1AD2FEE85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A0B2A1-A3AB-4EFC-BE3D-57D38B315107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "016E86B6-B450-499B-852C-A68803127936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41ED313-9CB3-4BBB-9FAF-737FFE7CBD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262773C-58A6-4706-B5A2-5C60EC798A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9525B6E-A870-499E-9E73-FEBB3880ADC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF82733-11FD-41CB-9D5C-A81D891AD57D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BC3515E-0923-40D8-A026-833DCAE47648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17F7E30-71E4-41FC-883C-9E5DBF659A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target."
    },
    {
      "lang": "es",
      "value": "Mahara antes de v1.4.1, cuando se usa MNet (tambi\u00e9n conocido como Moodle network), permite a usuarios autenticados ganar privilegios a trav\u00e9s de un salto a un objetivo XMLRPC"
    }
  ],
  "id": "CVE-2011-4118",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-11-15T03:57:56.630",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://mahara.org/interaction/forum/topic.php?id=4138"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/11/04/10"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2011/11/04/7"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46719"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2334"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/884223"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.4.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mahara.org/interaction/forum/topic.php?id=4138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/11/04/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2011/11/04/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/884223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.4.1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-03-11 14:19
Modified
2025-04-09 00:30
Severity
MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.
Impacted products
Vendor Product Version
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.1.0
mahara mahara 1.1.0 (alpha1)
mahara mahara 1.1.0 (alpha2)
mahara mahara 1.1.0 (alpha3)
mahara mahara 1.1.0 (beta1)
mahara mahara 1.1.0 (beta2)
mahara mahara 1.1.0 (beta3)
mahara mahara 1.1.0 (beta4)
mahara mahara 1.1.0 (rc1)
mahara mahara 1.1.0 (rc2)
mahara mahara 1.1.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Mahara v1.0 anterior a v1.0.10 y v1.1 anterior a v1.1.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (1) profile y (2) blog. Vulnerabilidad distinta de CVE-2009-0487."
    }
  ],
  "id": "CVE-2009-0660",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-03-11T14:19:15.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=350"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34222"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34231"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.mahara.org/Release_Notes/1.1.2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1736"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34064"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/0665"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=350"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.1.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/34064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49168"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-02-09 20:30
Modified
2025-04-09 00:30
Severity
MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post.
Impacted products
Vendor Product Version
mahara mahara * (all versions up to and including 1.0.8)
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4837AA98-82C6-4F5A-B02E-B89B1E08ADE1",
              "versionEndIncluding": "1.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mahara anterior a v1.0.9, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elecci\u00f3n a trav\u00e9s de un mensaje manipulado en el foro."
    }
  ],
  "id": "CVE-2009-0487",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-02-09T20:30:00.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=198"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33813"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33619"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48518"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues.
References
cve@mitre.org https://bugs.launchpad.net/mahara/+bug/1397736 Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.launchpad.net/mahara/+bug/1397736 Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 1.8
mahara mahara 1.8
mahara mahara 1.8.0
mahara mahara 1.8.1
mahara mahara 1.8.2
mahara mahara 1.8.3
mahara mahara 1.8.4
mahara mahara 1.8.5
mahara mahara 1.8.6
mahara mahara 1.9
mahara mahara 1.9.0
mahara mahara 1.9.1
mahara mahara 1.9.2
mahara mahara 1.9.3
mahara mahara 1.9.4
mahara mahara 1.10
mahara mahara 1.10.0
mahara mahara 1.10.1
mahara mahara 1.10.2
mahara mahara 15.04
mahara mahara 15.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "46815EDD-C3F1-4B87-AC7F-9CCB9DDFF5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7A2E3A2C-80F5-477E-BAC3-8217A71A367B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "795681EE-1AE9-4451-9C65-7EDF39D8D92A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F877AEB-A0F7-48D6-9094-09F12709D6AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37164355-787F-43A0-A9BD-F4E56762940F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0EE103-8CDB-43CF-975F-A07762F0E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD8ADD1-C3AE-47DE-9FE2-48094ABDE3FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "871F1DFC-3977-4C6A-80AA-7E4131678215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE9C9686-29B7-4212-9BAD-E04FE0EB8B02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3852023-B803-418C-BA1D-9545C9FDC44B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23092107-1709-43B2-AC94-3A53474CBEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5925E46-8A92-4A67-A8F6-7DF05C34BB55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.8 anteriores a la 1.8.7, versiones 1.9 anteriores a la 1.9.5, versiones 1.10 anteriores a la 1.10.3 y versiones 15.04 anteriores a la 15.04.0, es vulnerable a ataques de Server-Side Request Forgery debido a que no se verifican con una lista blanca o lista negra todos los procesos de redirecci\u00f3n curl. El uso de SafeCurl previene estos problemas."
    }
  ],
  "id": "CVE-2017-1000139",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.480",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1397736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1397736"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-03-28 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs.
Impacted products
Vendor Product Version
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4
mahara mahara 1.2.5
mahara mahara 1.2.6
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.1
mahara mahara 1.3.2
mahara mahara 1.3.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A0B2A1-A3AB-4EFC-BE3D-57D38B315107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "016E86B6-B450-499B-852C-A68803127936",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41ED313-9CB3-4BBB-9FAF-737FFE7CBD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262773C-58A6-4706-B5A2-5C60EC798A91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Mahara v1.2.x anteriores a v1.2.7 y v1.3.x anteriores a V1.3.4 , permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para peticiones de borrado de Blogs.\r\n"
    }
  ],
  "id": "CVE-2011-0440",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-03-28T16:55:04.233",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=3206"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://mahara.org/interaction/forum/topic.php?id=3208"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43858"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2206"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/47033"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=3206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mahara.org/interaction/forum/topic.php?id=3208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66326"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-05-13 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.0.14
mahara mahara 1.0.15
mahara mahara 1.1
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.1.9
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4
mahara mahara 1.2.5
mahara mahara 1.2.6
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.1
mahara mahara 1.3.2
mahara mahara 1.3.3
mahara mahara 1.3.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85C01C26-7C43-4778-BFA1-05745155A2BC",
              "versionEndIncluding": "1.3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6E53AF-528E-4FCA-9A14-762015D39D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04D0414-78B8-4110-A05D-E3D42C46607C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "199ABBC1-BBAC-41BA-B70F-7B95C99D9B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DDF54D-8919-45F2-8B23-B5B1AD2FEE85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A0B2A1-A3AB-4EFC-BE3D-57D38B315107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "016E86B6-B450-499B-852C-A68803127936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41ED313-9CB3-4BBB-9FAF-737FFE7CBD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262773C-58A6-4706-B5A2-5C60EC798A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9525B6E-A870-499E-9E73-FEBB3880ADC1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Mahara para versiones anteriores a v1.3.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s vectores asociados a los mensajes de correo en HTML, relacionado con artefact/comment/lib.php y interaction/forum/lib.php."
    }
  ],
  "id": "CVE-2011-1405",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-05-13T22:55:01.830",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44433"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2246"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/47798"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67399"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/772860"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.3.6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/772860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.3.6"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-28 16:15
Modified
2024-11-21 06:59
Summary
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. All groups are shown from page 2 of the group results list (rather than only the groups of the institution that the viewer is a member of).
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara *
mahara mahara 22.04.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "576FDDFF-BE61-4621-B95B-DFB50B74EBE6",
              "versionEndExcluding": "20.10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F4D98D-4AAD-45A9-AE8D-9C4A37ED2522",
              "versionEndExcluding": "21.04.4",
              "versionStartIncluding": "21.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E73354F6-11E7-4589-AAED-3BFB1953395D",
              "versionEndExcluding": "21.10.2",
              "versionStartIncluding": "21.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:22.04.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFBE34-BEF9-41D4-B909-F02C5D1690A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of)."
    },
    {
      "lang": "es",
      "value": "En Mahara versiones anteriores a 20.10.5, 21.04.4, 21.10.2 y 22.04.0, un sitio usando Instituciones Aisladas es vulnerable si son usados m\u00e1s de diez grupos. Todos ellos son mostrados a partir de la p\u00e1gina 2 de la lista de resultados de los grupos (en lugar de mostrarse s\u00f3lo para la instituci\u00f3n a la que pertenece el espectador)"
    }
  ],
  "id": "CVE-2022-29585",
  "lastModified": "2024-11-21T06:59:21.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-28T16:15:08.543",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1922226"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1922226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9093"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-05-30 21:29
Modified
2024-11-21 03:43
Summary
Mahara 17.04 before 17.04.8, 17.10 before 17.10.5, and 18.04 before 18.04.1 reveal which usernames are already taken by people registered in the system rather than masking that information.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara 18.04.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AB0DD3-CCBA-4C94-837E-6E2B4635E8A9",
              "versionEndExcluding": "17.04.8",
              "versionStartIncluding": "17.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87104E12-A6F3-4762-A518-F81C906DA755",
              "versionEndExcluding": "17.10.5",
              "versionStartIncluding": "17.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:18.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BB0028-28D9-4F5C-B46A-B5BEFA50149E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information."
    },
    {
      "lang": "es",
      "value": "Mahara en versiones 17.04 anteriores a la 17.04.8, versiones 17.10 anteriores a la 17.10.5 y versiones 18.04 anteriores a la 18.04.1 es vulnerable a mencionar los nombres de usuario que ya est\u00e1n en uso por personas registradas en el sistema, en lugar de ocultar dicha informaci\u00f3n."
    }
  ],
  "id": "CVE-2018-11565",
  "lastModified": "2024-11-21T03:43:37.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-30T21:29:00.690",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1772774"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1772774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8271"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-04-30 13:15
Modified
2024-11-21 05:40
Summary
In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara 20.04
mahara mahara 20.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "03829FC2-5003-4325-B0A9-56AF4B75EAED",
              "versionEndExcluding": "19.04.5",
              "versionStartIncluding": "19.04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B87F6ACC-C0AB-469A-92DA-886207E63800",
              "versionEndExcluding": "19.10.3",
              "versionStartIncluding": "19.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:20.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "422F667D-A371-4615-AA29-EAA80185386E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:20.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "2EAEBCCF-6E76-4B15-BFFA-0119DEFE56D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting \u0027Isolated institutions\u0027 is turned on."
    },
    {
      "lang": "es",
      "value": "En Mahara versiones 19.04 anteriores a la versi\u00f3n  19.04.5 y versiones 19.10 anteriores a la versi\u00f3n 19.10.3, los detalles de cuentas son compartidos en los resultados de Elasticsearch para las cuentas que no son accesibles cuando el ajuste de configuraci\u00f3n \"Isolated institutions\" est\u00e1 activado."
    }
  ],
  "id": "CVE-2020-9387",
  "lastModified": "2024-11-21T05:40:32.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-30T13:15:13.460",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1836984"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8612"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1836984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8612"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 15.04 before 15.04.9, 15.10 before 15.10.5, and 16.04 before 16.04.3 allow any group member to edit a group's configuration page even when that member does not have the admin role.
References
cve@mitre.org | https://bugs.launchpad.net/mahara/+bug/1609200 | Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mahara/+bug/1609200 | Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 15.04
mahara mahara 15.04
mahara mahara 15.04.0
mahara mahara 15.04.1
mahara mahara 15.04.2
mahara mahara 15.04.3
mahara mahara 15.04.4
mahara mahara 15.04.5
mahara mahara 15.04.6
mahara mahara 15.04.7
mahara mahara 15.04.8
mahara mahara 16.04
mahara mahara 16.04
mahara mahara 16.04.0
mahara mahara 16.04.1
mahara mahara 16.04.2
mahara mahara 15.10.0
mahara mahara 15.10.1
mahara mahara 15.10.2
mahara mahara 15.10.3
mahara mahara 15.10.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6932E7F9-BA51-4099-8987-8944E0284B7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "022D7031-54EF-484C-B076-15C4342532E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFB08C5-151E-49D2-AC13-1018FF402569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "853E7231-70C7-4A1F-817F-E43D78BCB060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E14503-4E8B-44F5-9CAB-EF074CA71862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AD7E980-E0C1-44D1-AFDE-F47CE3A48C71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C9623EF-7C2D-4A58-AF56-DBD8707CC9EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "00782DDD-90C9-410F-A810-F5632AD25132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC2D2EDD-0072-45A5-9FF6-BF4616109DE6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C1C7261F-8712-4405-A1C0-C36FD9BE64EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "74C6846C-42FB-454E-B4BA-0DAA43C1A0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C6F378F-9282-46B4-BF84-B08418C2B592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28E5C4FE-5195-40FA-8580-2AF84D370B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:16.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5A96D5-CF12-470B-8ADE-183F09D57262",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "609A3054-6DA9-44A8-9927-29E181D4D07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E8584F-8CD3-415C-BFC0-DC825089CA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "023729FA-BEA6-4D89-87B3-C91A7FBDDD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEC8639-ECF7-4479-B88E-EA3C3D7F6A0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B04E216C-E51E-44FE-85F0-23C0F1EA9928",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group\u0027s configuration page being editable by any group member even when they didn\u0027t have the admin role."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 15.04 anteriores a la 15.04.9, versiones 15.10 anteriores a la 15.10.5 y versiones 16.04 anteriores a la 16.04.3, es vulnerable a que cualquier miembro de un grupo pueda editar la p\u00e1gina de configuraci\u00f3n del grupo, incluso si este no tiene el rol de administrador."
    }
  ],
  "id": "CVE-2017-1000156",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:01.137",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1609200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1609200"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-08-26 15:15
Modified
2025-09-05 17:00
Summary
Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration -> Groups -> Submissions.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F0A0C60-D0B4-4EAB-919B-1426E8084E8F",
              "versionEndExcluding": "23.04.6",
              "versionStartIncluding": "23.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "255904C8-8388-4E84-BA1C-6805674FF1D3",
              "versionEndExcluding": "24.04.1",
              "versionStartIncluding": "24.04.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the \u0027Current submissions\u0027 page: Administration -\u003e Groups -\u003e Submissions."
    },
    {
      "lang": "es",
      "value": "Las versiones compatibles de Mahara 24.04 anteriores a 24.04.1 y 23.04 anteriores a 23.04.6 son vulnerables a que se divulgue informaci\u00f3n a un administrador de la instituci\u00f3n bajo ciertas condiciones a trav\u00e9s de la p\u00e1gina \"Env\u00edos actuales\": Administraci\u00f3n -\u0026gt; Grupos -\u0026gt; Env\u00edos."
    }
  ],
  "id": "CVE-2024-39335",
  "lastModified": "2025-09-05T17:00:50.507",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-26T15:15:40.167",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9519"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/view.php?id=43"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-06-20 16:15
Modified
2024-11-21 07:08
Summary
In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.
References
cve@mitre.org https://mahara.org/interaction/forum/topic.php?id=9138 Exploit, Issue Tracking, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://mahara.org/interaction/forum/topic.php?id=9138 Exploit, Issue Tracking, Third Party Advisory, Vendor Advisory
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara 22.04.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62027D1F-B7F0-4CB3-9352-386AC7A12DDE",
              "versionEndExcluding": "21.04.6",
              "versionStartIncluding": "21.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37D4A54-CE7D-4C69-B337-50F11326D1D7",
              "versionEndExcluding": "21.10.4",
              "versionStartIncluding": "21.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:22.04.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "87ABA3EA-D7D7-4B92-9592-7BF91819A950",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check."
    },
    {
      "lang": "es",
      "value": "En Mahara versiones 21.04 anteriores a 21.04.6, 21.10 anteriores a 21.10.4 y 22.04.2, a veces pueden descargarse archivos mediante el archivo thumb.php sin comprobaci\u00f3n de permisos"
    }
  ],
  "id": "CVE-2022-33913",
  "lastModified": "2024-11-21T07:08:35.677",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-20T16:15:08.040",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9138"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-06-01 19:29
Modified
2024-11-21 03:42
Summary
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as a medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara 18.04.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AB0DD3-CCBA-4C94-837E-6E2B4635E8A9",
              "versionEndExcluding": "17.04.8",
              "versionStartIncluding": "17.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87104E12-A6F3-4762-A518-F81C906DA755",
              "versionEndExcluding": "17.10.5",
              "versionStartIncluding": "17.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:18.04.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BB0028-28D9-4F5C-B46A-B5BEFA50149E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 17.04 anteriores a la 17.04.8, versiones 17.10 anteriores a la 17.10.5 y versiones 18.04 anteriores a la 18.04.1 pueden empelarse para transmitir virus colocando archivos infectados en un archivo Leap2A y subi\u00e9ndolo a Mahara. En contraste con otros archivos ZIP que se suben, ClamAV (cuando se activa) no comprueba los archivos Leap2A en busca de virus, lo que permite que los archivos maliciosos est\u00e9n disponibles para su descarga. Cuando los archivos no se pueden ejecutar en el propio Mahara, Mahara puede emplearse para transferir tales archivos a los ordenadores de los usuarios."
    }
  ],
  "id": "CVE-2018-11196",
  "lastModified": "2024-11-21T03:42:52.573",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-01T19:29:00.270",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/bugs/1770535"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/bugs/1770535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8270"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-09 14:15
Modified
2024-11-21 05:40
Summary
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable by inspecting network responses on the 'Edit access' screen when sharing portfolios.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C3AD18-7468-4E09-A60C-DD3D3A307573",
              "versionEndExcluding": "18.10.5",
              "versionStartIncluding": "18.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9831C01A-2150-42FD-A019-AB7457F24555",
              "versionEndExcluding": "19.04.4",
              "versionStartIncluding": "19.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18CC7437-0234-44DE-9448-71504D2A0ECD",
              "versionEndExcluding": "19.10.2",
              "versionStartIncluding": "19.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the \u0027Edit access\u0027 screen when sharing portfolios."
    },
    {
      "lang": "es",
      "value": "En Mahara versiones 18.10 anteriores a 18.10.5, versiones 19.04 anteriores a 19.04.4 y versiones 19.10 anteriores a 19.10.2, una determinada informaci\u00f3n personal puede ser detectada inspeccionando las respuestas de red en la pantalla \"Edit access\" cuando se comparten portafolios."
    }
  ],
  "id": "CVE-2020-9282",
  "lastModified": "2024-11-21T05:40:21.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-09T14:15:11.523",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1863043"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1863043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8590"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-08-26 14:15
Modified
2025-09-05 17:02
Summary
Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy.
Impacted products
Vendor Product Version
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD0D3C7-9AB7-4156-B0E0-AA428F6256C9",
              "versionEndExcluding": "24.04.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy."
    },
    {
      "lang": "es",
      "value": "Mahara anterior al 24.04.9 expone informaci\u00f3n de conexi\u00f3n de la base de datos si la base de datos se vuelve inaccesible, por ejemplo, debido a que el servidor de la base de datos est\u00e1 temporalmente inactivo o demasiado ocupado."
    }
  ],
  "id": "CVE-2025-29992",
  "lastModified": "2025-09-05T17:02:09.753",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-26T14:15:37.583",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://mahara.org/THE-FINAL-URL-IN-QUESTION"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9711"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-07-06 17:17
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D849F41F-0841-43A9-8CDC-73CBFE844CFE",
              "versionEndIncluding": "1.0.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Mahara anterior a v1.0.15, v1.1.x anterior a v1.1.9, y v1.2.x anterior a v1.2.5 permite a los atacantes remotos inyectar c\u00f3digo web o HTML a su elecci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2010-1667",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-07-06T17:17:14.577",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40431"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/41319"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59993"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/41319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59993"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-11-15 03:57
Modified
2025-04-11 00:51
Severity
MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image.
Impacted products
Vendor Product Version
mahara mahara * (all versions up to and including 1.4.0)
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.0.14
mahara mahara 1.0.15
mahara mahara 1.1
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.1.9
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4
mahara mahara 1.2.5
mahara mahara 1.2.6
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.1
mahara mahara 1.3.2
mahara mahara 1.3.3
mahara mahara 1.3.4
mahara mahara 1.3.5
mahara mahara 1.3.6
mahara mahara 1.3.7
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EA11E8-5A54-4A4B-BB70-E8F2CE243169",
              "versionEndIncluding": "1.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6E53AF-528E-4FCA-9A14-762015D39D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04D0414-78B8-4110-A05D-E3D42C46607C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "199ABBC1-BBAC-41BA-B70F-7B95C99D9B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DDF54D-8919-45F2-8B23-B5B1AD2FEE85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A0B2A1-A3AB-4EFC-BE3D-57D38B315107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "016E86B6-B450-499B-852C-A68803127936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41ED313-9CB3-4BBB-9FAF-737FFE7CBD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262773C-58A6-4706-B5A2-5C60EC798A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9525B6E-A870-499E-9E73-FEBB3880ADC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF82733-11FD-41CB-9D5C-A81D891AD57D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BC3515E-0923-40D8-A026-833DCAE47648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17F7E30-71E4-41FC-883C-9E5DBF659A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n get_dataroot_image_path en lib/file.php en Mahara anterior a v1.4.1 no valida adecuadamente la subida de imagenes, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de (1) imagen no v\u00e1lida o (2)grande."
    }
  ],
  "id": "CVE-2011-2772",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-11-15T03:57:56.503",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46719"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2334"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/mahara/+bug/784978"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.4.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/mahara/+bug/784978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.4.1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-28 16:15
Modified
2024-11-21 06:59
Summary
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.
Impacted products
Vendor Product Version
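mahara mahara * (before 20.10.5)
mahara mahara * (21.04.0 up to, but not including, 21.04.4)
mahara mahara * (21.10.0 up to, but not including, 21.10.2)
mahara mahara 22.04.0 (rc1)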



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "576FDDFF-BE61-4621-B95B-DFB50B74EBE6",
              "versionEndExcluding": "20.10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F4D98D-4AAD-45A9-AE8D-9C4A37ED2522",
              "versionEndExcluding": "21.04.4",
              "versionStartIncluding": "21.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E73354F6-11E7-4589-AAED-3BFB1953395D",
              "versionEndExcluding": "21.10.2",
              "versionStartIncluding": "21.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:22.04.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFBE34-BEF9-41D4-B909-F02C5D1690A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action."
    },
    {
      "lang": "es",
      "value": "Mahara versiones anteriores a 20.10.5, 21.04.4, 21.10.2 y 22.04.0, permite un ataque de tipo XSS almacenado cuando es usado una clase particular de Hojas de Estilo en Cascada (CSS) para embedly y es construido c\u00f3digo JavaScript para llevar a cabo una acci\u00f3n"
    }
  ],
  "id": "CVE-2022-29584",
  "lastModified": "2024-11-21T06:59:21.233",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-28T16:15:08.500",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1968920"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1968920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9095"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2025-08-26 21:15
Modified
2025-09-05 16:58
Summary
An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download.
Impacted products
Vendor Product Version
mahara mahara * (before 23.04.9)
mahara mahara * (24.04.0 up to, but not including, 24.04.5)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "402D24E6-C713-4FCA-B087-25EE7D35A147",
              "versionEndExcluding": "23.04.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE3AA4BB-0073-44DC-8E37-D62399B750A9",
              "versionEndExcluding": "24.04.5",
              "versionStartIncluding": "24.04.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Mahara 23.04.8 y 24.04.4. El uso de una URL de descarga de exportaci\u00f3n maliciosa puede permitir que un atacante descargue archivos para los que no tiene permiso."
    }
  ],
  "id": "CVE-2024-47192",
  "lastModified": "2025-09-05T16:58:28.720",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-26T21:15:47.217",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9594"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/view.php?id=43"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-494"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-28 16:15
Modified
2024-11-21 06:58
Summary
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.
Impacted products
Vendor Product Version
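mahara mahara * (before 20.10.5)
mahara mahara * (21.04.0 up to, but not including, 21.04.4)
mahara mahara * (21.10.0 up to, but not including, 21.10.2)
mahara mahara 22.04.0 (rc1)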



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "576FDDFF-BE61-4621-B95B-DFB50B74EBE6",
              "versionEndExcluding": "20.10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F4D98D-4AAD-45A9-AE8D-9C4A37ED2522",
              "versionEndExcluding": "21.04.4",
              "versionStartIncluding": "21.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E73354F6-11E7-4589-AAED-3BFB1953395D",
              "versionEndExcluding": "21.10.2",
              "versionStartIncluding": "21.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:22.04.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D8CFBE34-BEF9-41D4-B909-F02C5D1690A9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable."
    },
    {
      "lang": "es",
      "value": "Mahara versiones anteriores a 20.10.5, 21.04.4, 21.10.2 y 22.04.0 es vulnerable a un ataque de tipo Cross Site Request Forgery (CSRF) porque los tokens generados aleatoriamente son muy f\u00e1ciles de adivinar"
    }
  ],
  "id": "CVE-2022-28892",
  "lastModified": "2024-11-21T06:58:08.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-28T16:15:08.393",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1930171"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1930171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=9094"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-01-22 20:00
Modified
2025-04-09 00:30
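Severity
MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; the record below lists no CVSS v3 metric)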
Summary
Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files.
Impacted products
Vendor Product Version
mahara mahara * (up to and including 0.9.0)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4955B5E-76A8-45A5-BDED-82A2DF1C4A85",
              "versionEndIncluding": "0.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Mahara anterior a 0.9.1 tiene un impacto desconocido y vectores de ataque remotos, probablemente relacionado con secuencias de comandos en sitios cruzados (XSS) en actualizaciones de archivos."
    }
  ],
  "id": "CVE-2008-0381",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-01-22T20:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28484"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27348"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://eduforge.org/frs/shownotes.php?release_id=342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://eduforge.org/frs/shownotes.php?release_id=342"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-03-28 16:55
Modified
2025-04-11 00:51
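Severity
MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; the record below lists no CVSS v3 metric)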
Summary
Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box.
Impacted products
Vendor Product Version
mahara mahara 1.2.0
mahara mahara 1.2.0 (alpha1)
mahara mahara 1.2.0 (alpha2)
mahara mahara 1.2.0 (alpha3)
mahara mahara 1.2.0 (beta1)
mahara mahara 1.2.0 (beta2)
mahara mahara 1.2.0 (beta3)
mahara mahara 1.2.0 (beta4)
mahara mahara 1.2.0 (rc1)
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4
mahara mahara 1.2.5
mahara mahara 1.2.6
mahara mahara 1.3.3
mahara mahara 1.3.0
mahara mahara 1.3.0 (beta1)
mahara mahara 1.3.0 (beta2)
mahara mahara 1.3.0 (beta3)
mahara mahara 1.3.0 (beta4)
mahara mahara 1.3.0 (rc1)
mahara mahara 1.3.1
mahara mahara 1.3.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A0B2A1-A3AB-4EFC-BE3D-57D38B315107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "016E86B6-B450-499B-852C-A68803127936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262773C-58A6-4706-B5A2-5C60EC798A91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41ED313-9CB3-4BBB-9FAF-737FFE7CBD9C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Mahara v1.2.x anteriores a v1.2.7 y v1.3.x anteriores a 1.3.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la caja de selecci\u00f3n de Pieforms.\r\n"
    }
  ],
  "id": "CVE-2011-0439",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-03-28T16:55:04.153",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=3205"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=3208"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43858"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2206"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/47033"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=3205"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=3208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66327"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-07-12 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.
Impacted products
Vendor Product Version
debian debian_linux 6.0
mahara mahara * (up to and including 1.4.1)
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.0.14
mahara mahara 1.0.15
mahara mahara 1.1
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.1.9
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4
mahara mahara 1.2.5
mahara mahara 1.2.6
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.1
mahara mahara 1.3.2
mahara mahara 1.3.3
mahara mahara 1.3.4
mahara mahara 1.3.5
mahara mahara 1.3.6
mahara mahara 1.3.7
mahara mahara 1.3.8
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAFFBC19-844A-4F2A-81B0-95E722AA6EFC",
              "versionEndIncluding": "1.4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6E53AF-528E-4FCA-9A14-762015D39D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04D0414-78B8-4110-A05D-E3D42C46607C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "199ABBC1-BBAC-41BA-B70F-7B95C99D9B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DDF54D-8919-45F2-8B23-B5B1AD2FEE85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A0B2A1-A3AB-4EFC-BE3D-57D38B315107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "016E86B6-B450-499B-852C-A68803127936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41ED313-9CB3-4BBB-9FAF-737FFE7CBD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262773C-58A6-4706-B5A2-5C60EC798A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9525B6E-A870-499E-9E73-FEBB3880ADC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF82733-11FD-41CB-9D5C-A81D891AD57D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BC3515E-0923-40D8-A026-833DCAE47648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17F7E30-71E4-41FC-883C-9E5DBF659A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B3F7EC3-8285-4189-8452-4FF063886AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E564972A-F44F-4935-BE50-8CB8A3F6483A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the \"Match username attribute to Remote username\" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n por defecto del plugin auth/saml en Mahara antes de v1.4.2 establece la opci\u00f3n \"Match username attribute to Remote username\" a falso, lo que permite a servidores SAML IdP remotos suplantar a usuarios de otros servidores SAML IdP utilizando el mismo nombre de usuario interno."
    }
  ],
  "id": "CVE-2012-2351",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-12T20:55:15.670",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2467"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/05/11/9"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/05/12/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/932909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2012/dsa-2467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/05/11/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/05/12/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/932909"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        },
        {
          "lang": "en",
          "value": "CWE-284"
        },
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-11-24 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file.
Impacted products
Vendor Product Version
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4.0
mahara mahara 1.4.1
mahara mahara 1.4.2
mahara mahara 1.4.3
mahara mahara 1.4.4
mahara mahara 1.5
mahara mahara 1.5
mahara mahara 1.5.0
mahara mahara 1.5.1
mahara mahara 1.5.2
mahara mahara 1.5.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E564972A-F44F-4935-BE50-8CB8A3F6483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A782949D-9F8D-4852-AA20-5E866C895CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E05D9E1E-E2EE-43C4-993A-F140B83493AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF97D77B-B448-407C-A545-F939C1C75B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A1DE181-B75C-49B1-AA87-0F0BA090E23B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Mahara v1.4.x anterior a v1.4.5 y v1.5.x anterior a v1.5.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con artefact/file/ y un fichero SVG manipulado."
    }
  ],
  "id": "CVE-2012-2247",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-11-24T20:55:02.320",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "security@debian.org",
      "url": "https://bugs.launchpad.net/mahara/+bug/1061980"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/mahara/+bug/1061980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4938"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-30 19:29
Modified
2024-11-21 03:04
Summary
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address.
References
Impacted products
Vendor Product Version
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C36CD6DC-F7CE-49D9-98BC-CB7BD78FC617",
              "versionEndExcluding": "18.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user\u0027s ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en versiones anteriores a la 18.10.0 de Mahara. Manejaba de manera incorrecta las peticiones de los usuarios que pod\u00edan interrumpir la capacidad de un usuario de mantener su propia cuenta (cambiar el nombre de usuario, cambiar la direcci\u00f3n de correo electr\u00f3nico principal, eliminar la cuenta). El comportamiento correcto era pedirles su contrase\u00f1a y/o enviarles una advertencia a su direcci\u00f3n de correo electr\u00f3nico principal."
    }
  ],
  "id": "CVE-2017-1000141",
  "lastModified": "2024-11-21T03:04:15.590",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-30T19:29:00.213",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1422492"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1422492"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-640"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-06-23 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact.
Impacted products
Vendor Product Version
mahara mahara 1.1
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "199ABBC1-BBAC-41BA-B70F-7B95C99D9B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user\u0027s artefact."
    },
    {
      "lang": "es",
      "value": "Mahara v1.1 antes de v1.1.5 no realiza comprobaciones de permisos al guardar una vista que contiene objetos, lo que permite a los usuarios remotos autenticados leer el objeto de otro usuario."
    }
  ],
  "id": "CVE-2009-2171",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-06-23T16:30:00.217",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://mahara.org/interaction/forum/topic.php?id=753"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-11-24 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php.
Impacted products
Vendor Product Version
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4
mahara mahara 1.4.0
mahara mahara 1.4.1
mahara mahara 1.4.2
mahara mahara 1.4.3
mahara mahara 1.4.4
mahara mahara 1.5
mahara mahara 1.5
mahara mahara 1.5.0
mahara mahara 1.5.1
mahara mahara 1.5.2
mahara mahara 1.5.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E564972A-F44F-4935-BE50-8CB8A3F6483A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A782949D-9F8D-4852-AA20-5E866C895CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E05D9E1E-E2EE-43C4-993A-F140B83493AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF97D77B-B448-407C-A545-F939C1C75B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A1DE181-B75C-49B1-AA87-0F0BA090E23B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DACA0DE-26D8-41C8-92DE-63CC348C6BB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php."
    },
    {
      "lang": "es",
      "value": "Mahara v1.4.x anterior a v1.4.5 y v1.5.x anterior a v1.5.4 permite a atacantes remotos realizar ataques de clickjacking para eliminar usuarios arbitrarios y eludir la protecci\u00f3n CSRF a trav\u00e9s de account/delete.php."
    }
  ],
  "id": "CVE-2012-2246",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-11-24T20:55:02.273",
  "references": [
    {
      "source": "security@debian.org",
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "security@debian.org",
      "url": "https://bugs.launchpad.net/mahara/+bug/1057240"
    },
    {
      "source": "security@debian.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79273"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/mahara/+bug/1057240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=4939"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.8 before 1.8.7, 1.9 before 1.9.5, 1.10 before 1.10.3, and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when a user tries to download the file.
References
cve@mitre.org https://bugs.launchpad.net/mahara/+bug/1404117 Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://bugs.launchpad.net/mahara/+bug/1404117 Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 1.8
mahara mahara 1.8
mahara mahara 1.8.0
mahara mahara 1.8.1
mahara mahara 1.8.2
mahara mahara 1.8.3
mahara mahara 1.8.4
mahara mahara 1.8.5
mahara mahara 1.8.6
mahara mahara 1.9
mahara mahara 1.9.0
mahara mahara 1.9.1
mahara mahara 1.9.2
mahara mahara 1.9.3
mahara mahara 1.9.4
mahara mahara 1.10
mahara mahara 1.10.0
mahara mahara 1.10.1
mahara mahara 1.10.2
mahara mahara 15.04
mahara mahara 15.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "46815EDD-C3F1-4B87-AC7F-9CCB9DDFF5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7A2E3A2C-80F5-477E-BAC3-8217A71A367B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "795681EE-1AE9-4451-9C65-7EDF39D8D92A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F877AEB-A0F7-48D6-9094-09F12709D6AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37164355-787F-43A0-A9BD-F4E56762940F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0EE103-8CDB-43CF-975F-A07762F0E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD8ADD1-C3AE-47DE-9FE2-48094ABDE3FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "871F1DFC-3977-4C6A-80AA-7E4131678215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE9C9686-29B7-4212-9BAD-E04FE0EB8B02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3852023-B803-418C-BA1D-9545C9FDC44B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23092107-1709-43B2-AC94-3A53474CBEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5925E46-8A92-4A67-A8F6-7DF05C34BB55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when a user tries to download the file."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.8 anteriores a la 1.8.7, versiones 1.9 anteriores a la 1.9.5, versiones 1.10 anteriores a la 1.10.3 y versiones 15.04 anteriores a la 15.04.0, es vulnerable a que un archivo .xml creado con fines maliciosos ejecute su c\u00f3digo cuando un usuario intenta descargar el archivo."
    }
  ],
  "id": "CVE-2017-1000140",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.557",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1404117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1404117"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-09 16:15
Modified
2024-11-21 05:40
Summary
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C3AD18-7468-4E09-A60C-DD3D3A307573",
              "versionEndExcluding": "18.10.5",
              "versionStartIncluding": "18.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9831C01A-2150-42FD-A019-AB7457F24555",
              "versionEndExcluding": "19.04.4",
              "versionStartIncluding": "19.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18CC7437-0234-44DE-9448-71504D2A0ECD",
              "versionEndExcluding": "19.10.2",
              "versionStartIncluding": "19.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore."
    },
    {
      "lang": "es",
      "value": "En Mahara versiones 18.10 anteriores a 18.10.5, versiones 19.04 anteriores a 19.04.4 y versiones 19.10 anteriores a 19.10.2, la informaci\u00f3n de metadatos de archivo es revelada a los miembros del grupo en la lista de resultados de Elasticsearch a pesar de que ya no tienen acceso a ese artefacto."
    }
  ],
  "id": "CVE-2020-9386",
  "lastModified": "2024-11-21T05:40:32.173",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-09T16:15:16.017",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1840201"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1840201"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8589"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-11-03 11:15
Modified
2024-11-21 06:24
Severity ?
Summary
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara *
mahara mahara 21.10.0
mahara mahara 21.10.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5F1CC6-E05D-4D9F-9543-7777025E4BAB",
              "versionEndExcluding": "20.04.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54ED5D80-651C-4B0E-81AC-DB23BF6DFCF9",
              "versionEndExcluding": "20.10.3",
              "versionStartIncluding": "20.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEE88DE-CD36-4F04-AB37-D155FABD12B8",
              "versionEndExcluding": "21.04.2",
              "versionStartIncluding": "21.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:21.10.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D72713FC-A263-498A-A57F-7E5D21EA7A33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:21.10.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5322D614-E2C7-4365-8E95-FFAC8BEBD3EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges."
    },
    {
      "lang": "es",
      "value": "En Mahara versiones anteriores a 20.04.5, 20.10.3, 21.04.2 y 21.10.0, la cuenta asociada a un token de servicios web es vulnerable a ser explotada y a iniciar sesi\u00f3n, resultando en una divulgaci\u00f3n de informaci\u00f3n (como m\u00ednimo) y a menudo en una escalada de privilegios"
    }
  ],
  "id": "CVE-2021-40849",
  "lastModified": "2024-11-21T06:24:55.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-11-03T11:15:08.310",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1930469"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1930469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8949"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-02-10 16:15
Modified
2024-11-21 06:49
Summary
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara 21.10.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B80E157F-FBE3-46EB-80F5-CBE01BD54434",
              "versionEndExcluding": "21.04.3",
              "versionStartIncluding": "21.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:21.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E745A55-D026-40CC-B3D8-855E26013267",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known."
    },
    {
      "lang": "es",
      "value": "En Mahara versiones 21.04 anteriores a 21.04.3 y versiones 21.10 anteriores a 21.10.1, las carteras creadas en grupos que no han sido compartidas con miembros que no son del grupo y las carteras creadas en los niveles de sitio e instituci\u00f3n pueden ser visualizadas sin requerir un inicio de sesi\u00f3n si se conoce la URL de estas carteras"
    }
  ],
  "id": "CVE-2022-24111",
  "lastModified": "2024-11-21T06:49:49.657",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-10T16:15:07.970",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1959146"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1959146"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8996"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-05-07 17:29
Modified
2024-11-21 04:52
Summary
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara *
mahara mahara *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DFA9054-9C40-4415-B723-732BBB7E8C85",
              "versionEndExcluding": "17.10.8",
              "versionStartIncluding": "17.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A60B16D5-4924-45E9-B71B-C8DF16C79360",
              "versionEndExcluding": "18.04.4",
              "versionStartIncluding": "18.04.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E63397-B5EF-485D-BA1A-6FDA3827C3AD",
              "versionEndExcluding": "18.10.1",
              "versionStartIncluding": "18.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system."
    },
    {
      "lang": "es",
      "value": "Fue encontrado un problema en Mahara versi\u00f3n 17.10 anterior de 17.10.8, versi\u00f3n 18.04 anterior de 18.04.4 y versi\u00f3n 18.10 anterior de 18.10.1. Un administrador del sitio puede suspender al usuario del sistema (root), lo que conlleva a que todos los usuarios sean bloqueados fuera del sistema."
    }
  ],
  "id": "CVE-2019-9708",
  "lastModified": "2024-11-21T04:52:08.957",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-07T17:29:00.517",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1817221"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1817221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://mahara.org/interaction/forum/topic.php?id=8445"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-05-13 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.
Impacted products
Vendor Product Version
mahara mahara *
mahara mahara 0.9.0
mahara mahara 0.9.1
mahara mahara 0.9.2
mahara mahara 1.0.0
mahara mahara 1.0.1
mahara mahara 1.0.2
mahara mahara 1.0.3
mahara mahara 1.0.4
mahara mahara 1.0.5
mahara mahara 1.0.6
mahara mahara 1.0.7
mahara mahara 1.0.8
mahara mahara 1.0.9
mahara mahara 1.0.10
mahara mahara 1.0.11
mahara mahara 1.0.12
mahara mahara 1.0.13
mahara mahara 1.0.14
mahara mahara 1.0.15
mahara mahara 1.1
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.0
mahara mahara 1.1.1
mahara mahara 1.1.2
mahara mahara 1.1.3
mahara mahara 1.1.4
mahara mahara 1.1.5
mahara mahara 1.1.6
mahara mahara 1.1.7
mahara mahara 1.1.8
mahara mahara 1.1.9
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.0
mahara mahara 1.2.1
mahara mahara 1.2.2
mahara mahara 1.2.3
mahara mahara 1.2.4
mahara mahara 1.2.5
mahara mahara 1.2.6
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.0
mahara mahara 1.3.1
mahara mahara 1.3.2
mahara mahara 1.3.3
mahara mahara 1.3.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85C01C26-7C43-4778-BFA1-05745155A2BC",
              "versionEndIncluding": "1.3.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D7FB07-E62A-40FE-A7BE-C809E6460585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BA0A1B-26BB-47B0-AA9E-5730E433675A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3362126C-F6CB-4AB8-9490-C19E43D509D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B49D797-AF1B-4F7E-A71D-AABD0F802912",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18048333-3E64-4AB4-9F20-2B1B8E7AB9FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68167317-977B-48EE-9320-2A4539A93B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB25DF09-D88F-4633-9956-D64E3497153F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E32430EE-5F2B-4936-A297-2DF55CC22937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC0259C-E628-4BBA-9D97-41A130B1E741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "974F2D63-488C-41D7-A627-BF9B085A8D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26420D4-20D8-4D6D-88B5-C74F39B88720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321475F4-1548-4FD1-BED9-12D944388FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37005DE-BB31-4738-AC49-C3C2022AE8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA6F03B-F449-424E-A856-5BE5FB98814F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFDC009-9CEB-450C-8704-CA73B147F220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FECA6B74-605D-4FCD-9DC6-EDE197862E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "339D5D57-389C-4588-8347-61B69BB331B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E6E53AF-528E-4FCA-9A14-762015D39D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04D0414-78B8-4110-A05D-E3D42C46607C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "199ABBC1-BBAC-41BA-B70F-7B95C99D9B0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "831676A2-1A33-4605-A5F4-97FAC8A1BB18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "84652E40-1C88-438D-BCA1-4FF4C069F9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "08F53776-5F58-4C20-8FE7-9DF06F1704A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "D5D55D2C-E6E5-44A4-831A-3EAE5C1568CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "79228F92-00A8-4B74-A914-11BDF9641F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "9EEB3BF7-C4D3-4BB8-893F-B0FE252F0405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "3BE91ED4-EA2A-4402-813C-1A2E5B10EA40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F7FB1F02-A03F-45E5-8D26-C007C10EE97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A09C63AC-15A8-4722-B18E-98A86EC8A856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "62452677-EE4C-4E5E-9DD2-D11C4211DA54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDC6F32-24C0-4B5E-8338-FF85B0BBF801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92848F08-EBFC-4579-A088-EC15D0B3EE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97D8A87-390E-45AC-B1B0-CFD63C7F07E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6537E2-0A45-4CFB-82A4-5BF25E59C8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBAF369-421F-4073-90D8-C67420CD4079",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB363CEB-6744-454A-88D4-D005E988ADCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DDF54D-8919-45F2-8B23-B5B1AD2FEE85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BAF00FF-8F66-4C6A-B88B-810F2DC96A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "ED69BC0A-7C5F-4914-8030-B8FD113AEA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4A62AC27-3F69-4705-8C66-CBAED72A9EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "299920CB-3F4D-44C9-B0DB-E903C9DC1EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "49753C3B-2025-497A-AF5F-30949ACD0742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "3E5CFB7A-3C90-4394-BECA-7C31D06A69E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8C767369-1F19-44C7-A8E8-EEA7C52DF1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E115E0FC-B489-4294-ACF7-59C693602AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A8C9CDAB-9F01-42CE-AB1F-CC81B2D145EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "604DD0C5-7432-45AB-AA7C-F6018F2CC479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4397E8D-502A-41B5-AE03-223616BA7A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C25DD02-C589-4A65-A87D-73BB0392D964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FDB8082-B11B-4485-92AC-B7F9088D7E4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A0B2A1-A3AB-4EFC-BE3D-57D38B315107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "016E86B6-B450-499B-852C-A68803127936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C602276-C0AE-46EC-972E-0D32C31AEFA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "69B261E9-9F73-442C-A234-8E95A72BE0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71E57083-FAC5-4F98-AFB4-7449D38396FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "8DCBBD59-FB74-420C-A652-7B392A0DA468",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "F0626B4E-1A96-4FD3-B3A9-A99B4DEC52EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B54F4801-9C4D-47CA-AE0E-022AEA212D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7BED57-573D-4F3E-923A-C7ECF2C7B2F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41ED313-9CB3-4BBB-9FAF-737FFE7CBD9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262773C-58A6-4706-B5A2-5C60EC798A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9525B6E-A870-499E-9E73-FEBB3880ADC1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login."
    },
    {
      "lang": "es",
      "value": "Mahara antes de v1.3.6 no controla correctamente una direcci\u00f3n URL https en la configuraci\u00f3n de las opciones de wwwroot, que facilita a los atacantes remotos asistidos por el usuario a obtener las credenciales por la escucha de la red en el momento en que se realiza la conexi\u00f3n mediante una URL http."
    }
  ],
  "id": "CVE-2011-1406",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-05-13T22:55:01.860",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2246"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67400"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/685942"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.3.6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+bug/685942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://launchpad.net/mahara/+milestone/1.3.6"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-03 18:29
Modified
2025-04-20 01:37
Summary
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation.
References
cve@mitre.org | https://bugs.launchpad.net/mahara/+bug/1425306 | Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mahara/+bug/1425306 | Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor Product Version
mahara mahara 1.8
mahara mahara 1.8
mahara mahara 1.8.0
mahara mahara 1.8.1
mahara mahara 1.8.2
mahara mahara 1.8.3
mahara mahara 1.8.4
mahara mahara 1.8.5
mahara mahara 1.8.6
mahara mahara 1.9
mahara mahara 1.9.0
mahara mahara 1.9.1
mahara mahara 1.9.2
mahara mahara 1.9.3
mahara mahara 1.9.4
mahara mahara 1.10
mahara mahara 1.10.0
mahara mahara 1.10.1
mahara mahara 1.10.2
mahara mahara 15.04
mahara mahara 15.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "46815EDD-C3F1-4B87-AC7F-9CCB9DDFF5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "7A2E3A2C-80F5-477E-BAC3-8217A71A367B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "795681EE-1AE9-4451-9C65-7EDF39D8D92A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F877AEB-A0F7-48D6-9094-09F12709D6AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37164355-787F-43A0-A9BD-F4E56762940F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD0EE103-8CDB-43CF-975F-A07762F0E958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BD8ADD1-C3AE-47DE-9FE2-48094ABDE3FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "871F1DFC-3977-4C6A-80AA-7E4131678215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE9C9686-29B7-4212-9BAD-E04FE0EB8B02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9375A9FA-C9B9-4406-937E-1FE1EC1EC3EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B93CE4-1D7F-49AF-AC56-8DFF01609099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89FE6330-10AD-4B30-AF0A-71635AB99B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F4BFE6-A72F-4FAB-B975-EF1878767595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D937990-6958-4CD6-B976-E23C20567559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3852023-B803-418C-BA1D-9545C9FDC44B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "1AF92381-863A-4D44-84B3-6116B15A6FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EDFBD79-ECF1-4AB2-8AA9-93E001AF5749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23092107-1709-43B2-AC94-3A53474CBEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:1.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5925E46-8A92-4A67-A8F6-7DF05C34BB55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2F6EE-06BE-4665-BA7B-AB6C97DAE02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "313A5DDA-204F-4ED3-BE22-FA0D8A239BC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation."
    },
    {
      "lang": "es",
      "value": "Mahara, en versiones 1.8 anteriores a la 1.8.7, versiones 1.9 anteriores a la 1.9.5, versiones 1.10 anteriores a la 1.10.3 y versiones 15.04 anteriores a la 15.04.0, es vulnerable a que los usuarios puedan borrar la p\u00e1gina que han enviado mediante la manipulaci\u00f3n de URL"
    }
  ],
  "id": "CVE-2017-1000142",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-03T18:29:00.620",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1425306"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/mahara/+bug/1425306"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-1405 (GCVE-0-2011-1405)
Vulnerability from cvelistv5
Published
2011-05-13 22:00
Modified
2024-08-06 22:28
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php.
References
https://launchpad.net/mahara/+milestone/1.3.6 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/67399 | vdb-entry, x_refsource_XF
https://launchpad.net/mahara/+bug/772860 | x_refsource_CONFIRM
http://www.securityfocus.com/bid/47798 | vdb-entry, x_refsource_BID
http://secunia.com/advisories/44433 | third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2011/dsa-2246 | vendor-advisory, x_refsource_DEBIAN
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:40.824Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+milestone/1.3.6"
          },
          {
            "name": "mahara-email-fields-xss(67399)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67399"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/772860"
          },
          {
            "name": "47798",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47798"
          },
          {
            "name": "44433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44433"
          },
          {
            "name": "DSA-2246",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2246"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+milestone/1.3.6"
        },
        {
          "name": "mahara-email-fields-xss(67399)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67399"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/772860"
        },
        {
          "name": "47798",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47798"
        },
        {
          "name": "44433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44433"
        },
        {
          "name": "DSA-2246",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2246"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1405",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.net/mahara/+milestone/1.3.6",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+milestone/1.3.6"
            },
            {
              "name": "mahara-email-fields-xss(67399)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67399"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/772860",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/772860"
            },
            {
              "name": "47798",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47798"
            },
            {
              "name": "44433",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44433"
            },
            {
              "name": "DSA-2246",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2246"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1405",
    "datePublished": "2011-05-13T22:00:00",
    "dateReserved": "2011-03-10T00:00:00",
    "dateUpdated": "2024-08-06T22:28:40.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29584 (GCVE-0-2022-29584)
Vulnerability from cvelistv5
Published
2022-04-28 15:26
Modified
2024-08-03 06:26
Severity ?
CWE
  • n/a
Summary
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:26:06.377Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1968920"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=9095"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-28T15:26:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1968920"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=9095"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-29584",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1968920",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1968920"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=9095",
              "refsource": "MISC",
              "url": "https://mahara.org/interaction/forum/topic.php?id=9095"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-29584",
    "datePublished": "2022-04-28T15:26:15",
    "dateReserved": "2022-04-22T00:00:00",
    "dateUpdated": "2024-08-03T06:26:06.377Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1670 (GCVE-0-2010-1670)
Vulnerability from cvelistv5
Published
2010-07-06 17:00
Modified
2024-09-16 20:22
Severity ?
CWE
  • n/a
Summary
Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password. NOTE: some of these details are obtained from third party information.
References
http://wiki.mahara.org/Release_Notes/1.1.9 - x_refsource_CONFIRM
http://wiki.mahara.org/Release_Notes/1.2.5 - x_refsource_CONFIRM
http://wiki.mahara.org/Release_Notes/1.0.15 - x_refsource_CONFIRM
http://secunia.com/advisories/40431 - third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/41319 - vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:52.587Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
          },
          {
            "name": "40431",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40431"
          },
          {
            "name": "41319",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/41319"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-07-06T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
        },
        {
          "name": "40431",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40431"
        },
        {
          "name": "41319",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/41319"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1670",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers to bypass authentication via an empty password.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://wiki.mahara.org/Release_Notes/1.1.9",
              "refsource": "CONFIRM",
              "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
            },
            {
              "name": "http://wiki.mahara.org/Release_Notes/1.2.5",
              "refsource": "CONFIRM",
              "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
            },
            {
              "name": "http://wiki.mahara.org/Release_Notes/1.0.15",
              "refsource": "CONFIRM",
              "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
            },
            {
              "name": "40431",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40431"
            },
            {
              "name": "41319",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/41319"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1670",
    "datePublished": "2010-07-06T17:00:00Z",
    "dateReserved": "2010-04-30T00:00:00Z",
    "dateUpdated": "2024-09-16T20:22:46.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000155 (GCVE-0-2017-1000155)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the "default" or used in any pages.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.145Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1600069"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user\u0027s uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the \"default\" or used in any pages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1600069"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.366861",
          "ID": "CVE-2017-1000155",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user\u0027s uploaded profile pictures to be viewable by anyone, whether or not they were currently selected as the \"default\" or used in any pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1600069",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1600069"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000155",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.145Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-29349 (GCVE-0-2021-29349)
Vulnerability from cvelistv5
Published
2021-03-31 22:31
Modified
2024-08-03 22:02
Severity ?
CWE
  • n/a
Summary
Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:02:51.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/0xBaz/CVE-2021-29349/issues/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-31T22:31:41",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/0xBaz/CVE-2021-29349/issues/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-29349",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/0xBaz/CVE-2021-29349/issues/1",
              "refsource": "MISC",
              "url": "https://github.com/0xBaz/CVE-2021-29349/issues/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-29349",
    "datePublished": "2021-03-31T22:31:41",
    "dateReserved": "2021-03-29T00:00:00",
    "dateUpdated": "2024-08-03T22:02:51.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000131 (GCVE-0-2017-1000131)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1084336"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1084336"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.344430",
          "ID": "CVE-2017-1000131",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1084336",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1084336"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000131",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-14163 (GCVE-0-2017-14163)
Vulnerability from cvelistv5
Published
2017-10-31 18:00
Modified
2024-08-05 19:20
Severity ?
CWE
  • n/a
Summary
An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the 'mahara' cookie to the old value, they can get access to the user's account.
References
https://bugs.launchpad.net/mahara/+bug/1701978 - x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:20:41.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1701978"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the \u0027mahara\u0027 cookie to the old value, they can get access to the user\u0027s account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-31T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1701978"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-14163",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the \u0027mahara\u0027 cookie to the old value, they can get access to the user\u0027s account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1701978",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1701978"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-14163",
    "datePublished": "2017-10-31T18:00:00",
    "dateReserved": "2017-09-06T00:00:00",
    "dateUpdated": "2024-08-05T19:20:41.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2237 (GCVE-0-2012-2237)
Vulnerability from cvelistv5
Published
2019-11-13 18:57
Modified
2024-08-06 19:26
Severity ?
CWE
  • Cross-Site Scripting
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.
Impacted products
Vendor Product Version
Mahara Mahara Version: 1.4.x before 1.4.3 and 1.5.x before 1.5.2


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.961Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1009774"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1009777"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1009784"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=4748"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2540"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mahara",
          "vendor": "Mahara",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.x before 1.4.3 and 1.5.x before 1.5.2"
            }
          ]
        }
      ],
      "datePublic": "2012-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-13T18:57:55",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1009774"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1009777"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1009784"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=4748"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2540"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2012-2237",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mahara",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.4.x before 1.4.3 and 1.5.x before 1.5.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mahara"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1009774",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1009774"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1009777",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1009777"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1009784",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1009784"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=4748",
              "refsource": "MISC",
              "url": "https://mahara.org/interaction/forum/topic.php?id=4748"
            },
            {
              "name": "http://www.debian.org/security/2012/dsa-2540",
              "refsource": "MISC",
              "url": "http://www.debian.org/security/2012/dsa-2540"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2012-2237",
    "datePublished": "2019-11-13T18:57:55",
    "dateReserved": "2012-04-16T00:00:00",
    "dateUpdated": "2024-08-06T19:26:08.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-33913 (GCVE-0-2022-33913)
Vulnerability from cvelistv5
Published
2022-06-20 15:26
Modified
2024-08-03 08:09
Severity ?
CWE
  • n/a
Summary
In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:09:22.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=9138"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-20T15:26:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=9138"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-33913",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=9138",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=9138"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-33913",
    "datePublished": "2022-06-20T15:26:25",
    "dateReserved": "2022-06-17T00:00:00",
    "dateUpdated": "2024-08-03T08:09:22.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4430 (GCVE-0-2013-4430)
Vulnerability from cvelistv5
Published
2014-05-19 14:00
Modified
2024-08-06 16:45
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:13.343Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1175446"
          },
          {
            "name": "[oss-security] 20131008 CVE request: mahara 1.7.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=5754"
          },
          {
            "name": "[oss-security] 20131015 Re: CVE request: mahara 1.7.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
          },
          {
            "name": "[oss-security] 20131015 Re: Re: CVE request: mahara 1.7.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-19T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1175446"
        },
        {
          "name": "[oss-security] 20131008 CVE request: mahara 1.7.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=5754"
        },
        {
          "name": "[oss-security] 20131015 Re: CVE request: mahara 1.7.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
        },
        {
          "name": "[oss-security] 20131015 Re: Re: CVE request: mahara 1.7.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4430",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1175446",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1175446"
            },
            {
              "name": "[oss-security] 20131008 CVE request: mahara 1.7.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=5754",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=5754"
            },
            {
              "name": "[oss-security] 20131015 Re: CVE request: mahara 1.7.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
            },
            {
              "name": "[oss-security] 20131015 Re: Re: CVE request: mahara 1.7.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4430",
    "datePublished": "2014-05-19T14:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:13.343Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15907 (GCVE-0-2020-15907)
Vulnerability from cvelistv5
Published
2020-08-07 19:39
Modified
2024-08-04 13:30
Severity ?
CWE
  • n/a
Summary
In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:30:23.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1888163"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8668"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-07T19:39:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1888163"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8668"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-15907",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1888163",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1888163"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8668",
              "refsource": "MISC",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8668"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-15907",
    "datePublished": "2020-08-07T19:39:08",
    "dateReserved": "2020-07-23T00:00:00",
    "dateUpdated": "2024-08-04T13:30:23.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-2773 (GCVE-0-2011-2773)
Vulnerability from cvelistv5
Published
2011-11-15 02:00
Modified
2024-09-16 18:48
Severity ?
CWE
  • n/a
Summary
Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:15:30.888Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/800032"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+milestone/1.4.1"
          },
          {
            "name": "DSA-2334",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2334"
          },
          {
            "name": "46719",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46719"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-11-15T02:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/800032"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+milestone/1.4.1"
        },
        {
          "name": "DSA-2334",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2334"
        },
        {
          "name": "46719",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46719"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2773",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz",
              "refsource": "CONFIRM",
              "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/800032",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/800032"
            },
            {
              "name": "https://launchpad.net/mahara/+milestone/1.4.1",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+milestone/1.4.1"
            },
            {
              "name": "DSA-2334",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2334"
            },
            {
              "name": "46719",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46719"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2773",
    "datePublished": "2011-11-15T02:00:00Z",
    "dateReserved": "2011-07-19T00:00:00Z",
    "dateUpdated": "2024-09-16T18:48:36.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000136 (GCVE-0-2017-1000136)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:06.812Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1363873"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1363873"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.348607",
          "ID": "CVE-2017-1000136",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1363873",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1363873"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000136",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:06.812Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000141 (GCVE-0-2017-1000141)
Vulnerability from cvelistv5
Published
2018-01-30 19:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address.
References
https://bugs.launchpad.net/mahara/+bug/1422492 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.198Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1422492"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2018-03-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user\u0027s ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-31T02:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1422492"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.353114",
          "ID": "CVE-2017-1000141",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC",
          "STATE_DETAIL": "BAD_REF_URL"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user\u0027s ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1422492",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1422492"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000141",
    "datePublished": "2018-01-30T19:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1402 (GCVE-0-2011-1402)
Vulnerability from cvelistv5
Published
2011-05-13 22:00
Modified
2024-08-06 22:28
Severity ?
CWE
  • n/a
Summary
Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:40.770Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+milestone/1.3.6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/771637"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/771623"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/771614"
          },
          {
            "name": "mahara-searchjson-sec-bypass(67397)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67397"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/746182"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/771592"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/771644"
          },
          {
            "name": "mahara-newviewtokenjson-sec-bypass(67396)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67396"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/772140"
          },
          {
            "name": "47798",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47798"
          },
          {
            "name": "44433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44433"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/771653"
          },
          {
            "name": "DSA-2246",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2246"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+milestone/1.3.6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/771637"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/771623"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/771614"
        },
        {
          "name": "mahara-searchjson-sec-bypass(67397)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67397"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/746182"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/771592"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/771644"
        },
        {
          "name": "mahara-newviewtokenjson-sec-bypass(67396)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67396"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/772140"
        },
        {
          "name": "47798",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47798"
        },
        {
          "name": "44433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44433"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/771653"
        },
        {
          "name": "DSA-2246",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2246"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1402",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.net/mahara/+milestone/1.3.6",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+milestone/1.3.6"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/771637",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/771637"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/771623",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/771623"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/771614",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/771614"
            },
            {
              "name": "mahara-searchjson-sec-bypass(67397)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67397"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/746182",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/746182"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/771592",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/771592"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/771644",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/771644"
            },
            {
              "name": "mahara-newviewtokenjson-sec-bypass(67396)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67396"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/772140",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/772140"
            },
            {
              "name": "47798",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47798"
            },
            {
              "name": "44433",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44433"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/771653",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/771653"
            },
            {
              "name": "DSA-2246",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2246"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1402",
    "datePublished": "2011-05-13T22:00:00",
    "dateReserved": "2011-03-10T00:00:00",
    "dateUpdated": "2024-08-06T22:28:40.770Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45133 (GCVE-0-2022-45133)
Vulnerability from cvelistv5
Published
2025-08-22 00:00
Modified
2025-08-25 15:53
CWE
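  • n/a from the CNA; the CISA-ADP container in the record below lists CWE-26 (Path Traversal: '/dir/../filename')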
Summary
Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45133",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-25T15:45:39.819349Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-26",
                "description": "CWE-26 Path Traversal: \u0027/dir/../filename\u0027",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-25T15:53:30.339Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-22T20:27:13.952Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.launchpad.net/mahara/+bug/1995819"
        },
        {
          "url": "https://mahara.org/interaction/forum/topic.php?id=9353"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-45133",
    "datePublished": "2025-08-22T00:00:00.000Z",
    "dateReserved": "2022-11-10T00:00:00.000Z",
    "dateUpdated": "2025-08-25T15:53:30.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000145 (GCVE-0-2017-1000145)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1460368"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1460368"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.356736",
          "ID": "CVE-2017-1000145",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1460368",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1460368"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000145",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0381 (GCVE-0-2008-0381)
Vulnerability from cvelistv5
Published
2008-01-22 19:00
Modified
2024-09-16 21:56
Severity ?
CWE
  • n/a
Summary
Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files.
References
http://secunia.com/advisories/28484 (third-party-advisory, x_refsource_SECUNIA)
https://eduforge.org/frs/shownotes.php?release_id=342 (x_refsource_CONFIRM)
http://www.securityfocus.com/bid/27348 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.145Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28484",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28484"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://eduforge.org/frs/shownotes.php?release_id=342"
          },
          {
            "name": "27348",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27348"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-01-22T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28484",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28484"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://eduforge.org/frs/shownotes.php?release_id=342"
        },
        {
          "name": "27348",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27348"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0381",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28484",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28484"
            },
            {
              "name": "https://eduforge.org/frs/shownotes.php?release_id=342",
              "refsource": "CONFIRM",
              "url": "https://eduforge.org/frs/shownotes.php?release_id=342"
            },
            {
              "name": "27348",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27348"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0381",
    "datePublished": "2008-01-22T19:00:00Z",
    "dateReserved": "2008-01-22T00:00:00Z",
    "dateUpdated": "2024-09-16T21:56:40.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2171 (GCVE-0-2009-2171)
Vulnerability from cvelistv5
Published
2009-06-23 16:00
Modified
2024-09-16 20:16
Severity ?
CWE
  • n/a
Summary
Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:44:54.834Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mahara.org/interaction/forum/topic.php?id=753"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user\u0027s artefact."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-06-23T16:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mahara.org/interaction/forum/topic.php?id=753"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user\u0027s artefact."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mahara.org/interaction/forum/topic.php?id=753",
              "refsource": "CONFIRM",
              "url": "http://mahara.org/interaction/forum/topic.php?id=753"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2171",
    "datePublished": "2009-06-23T16:00:00Z",
    "dateReserved": "2009-06-23T00:00:00Z",
    "dateUpdated": "2024-09-16T20:16:25.719Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000156 (GCVE-0-2017-1000156)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.015Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1609200"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group\u0027s configuration page being editable by any group member even when they didn\u0027t have the admin role."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1609200"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.368829",
          "ID": "CVE-2017-1000156",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group\u0027s configuration page being editable by any group member even when they didn\u0027t have the admin role."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1609200",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1609200"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000156",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.015Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-2771 (GCVE-0-2011-2771)
Vulnerability from cvelistv5
Published
2011-11-15 02:00
Modified
2024-09-17 00:31
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:15:30.824Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+milestone/1.4.1"
          },
          {
            "name": "DSA-2334",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2334"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/798136"
          },
          {
            "name": "46719",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46719"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-11-15T02:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+milestone/1.4.1"
        },
        {
          "name": "DSA-2334",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2334"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/798136"
        },
        {
          "name": "46719",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46719"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2771",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz",
              "refsource": "CONFIRM",
              "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
            },
            {
              "name": "https://launchpad.net/mahara/+milestone/1.4.1",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+milestone/1.4.1"
            },
            {
              "name": "DSA-2334",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2334"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/798136",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/798136"
            },
            {
              "name": "46719",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46719"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2771",
    "datePublished": "2011-11-15T02:00:00Z",
    "dateReserved": "2011-07-19T00:00:00Z",
    "dateUpdated": "2024-09-17T00:31:22.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2244 (GCVE-0-2012-2244)
Vulnerability from cvelistv5
Published
2012-11-24 20:00
Modified
2024-08-06 19:26
Severity ?
CWE
  • n/a
Summary
Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:09.396Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2591",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2591"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1057238"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=4936"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav.  NOTE: this can be exploited without authentication by leveraging CVE-2012-2243."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-08T10:00:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "DSA-2591",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2591"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1057238"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=4936"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2012-2244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav.  NOTE: this can be exploited without authentication by leveraging CVE-2012-2243."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2591",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2591"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1057238",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1057238"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=4936",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=4936"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2012-2244",
    "datePublished": "2012-11-24T20:00:00",
    "dateReserved": "2012-04-16T00:00:00",
    "dateUpdated": "2024-08-06T19:26:09.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000140 (GCVE-0-2017-1000140)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.102Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1404117"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1404117"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.351746",
          "ID": "CVE-2017-1000140",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1404117",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1404117"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000140",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.102Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-15273 (GCVE-0-2017-15273)
Vulnerability from cvelistv5
Published
2017-10-31 18:00
Modified
2024-08-05 19:50
Severity ?
CWE
  • n/a
Summary
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:50:16.432Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8081"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1719480"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1719472"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1720034"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-10-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-31T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8081"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1719480"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1719472"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1720034"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-15273",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8081",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8081"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1719480",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1719480"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1719472",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1719472"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1720034",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1720034"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-15273",
    "datePublished": "2017-10-31T18:00:00",
    "dateReserved": "2017-10-11T00:00:00",
    "dateUpdated": "2024-08-05T19:50:16.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-1426 (GCVE-0-2013-1426)
Vulnerability from cvelistv5
Published
2019-11-07 20:46
Modified
2024-08-06 15:04
Severity ?
CWE
  • Cross-Site Scripting
Summary
Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor.
Impacted products
Vendor Product Version
mahara mahara Version: 1.5.9


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:04:48.401Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2013-1426"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=5365"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1153423"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mahara",
          "vendor": "mahara",
          "versions": [
            {
              "status": "affected",
              "version": "1.5.9"
            }
          ]
        }
      ],
      "datePublic": "2013-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-07T20:46:19",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2013-1426"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=5365"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1153423"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2013-1426",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "mahara",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.5.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "mahara"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2013-1426",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2013-1426"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=5365",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=5365"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1153423",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1153423"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2013-1426",
    "datePublished": "2019-11-07T20:46:19",
    "dateReserved": "2013-01-26T00:00:00",
    "dateUpdated": "2024-08-06T15:04:48.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3299 (GCVE-0-2009-3299)
Vulnerability from cvelistv5
Published
2009-11-03 16:00
Modified
2024-09-16 20:17
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
http://www.securityfocus.com/bid/36892 (vdb-entry, x_refsource_BID)
http://www.osvdb.org/59583 (vdb-entry, x_refsource_OSVDB)
http://www.vupen.com/english/advisories/2009/3101 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/37218 (third-party-advisory, x_refsource_SECUNIA)
http://eduforge.org/frs/shownotes.php?release_id=546 (x_refsource_CONFIRM)
http://eduforge.org/frs/shownotes.php?release_id=547 (x_refsource_CONFIRM)
http://mahara.org/interaction/forum/topic.php?id=1170 (x_refsource_CONFIRM)
http://secunia.com/advisories/37217 (third-party-advisory, x_refsource_SECUNIA)
http://www.debian.org/security/2009/dsa-1924 (vendor-advisory, x_refsource_DEBIAN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:22:24.377Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36892",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36892"
          },
          {
            "name": "59583",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/59583"
          },
          {
            "name": "ADV-2009-3101",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3101"
          },
          {
            "name": "37218",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37218"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://eduforge.org/frs/shownotes.php?release_id=546"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://eduforge.org/frs/shownotes.php?release_id=547"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mahara.org/interaction/forum/topic.php?id=1170"
          },
          {
            "name": "37217",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37217"
          },
          {
            "name": "DSA-1924",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1924"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-11-03T16:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "36892",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36892"
        },
        {
          "name": "59583",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/59583"
        },
        {
          "name": "ADV-2009-3101",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3101"
        },
        {
          "name": "37218",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37218"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://eduforge.org/frs/shownotes.php?release_id=546"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://eduforge.org/frs/shownotes.php?release_id=547"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mahara.org/interaction/forum/topic.php?id=1170"
        },
        {
          "name": "37217",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37217"
        },
        {
          "name": "DSA-1924",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1924"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3299",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36892",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36892"
            },
            {
              "name": "59583",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/59583"
            },
            {
              "name": "ADV-2009-3101",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3101"
            },
            {
              "name": "37218",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37218"
            },
            {
              "name": "http://eduforge.org/frs/shownotes.php?release_id=546",
              "refsource": "CONFIRM",
              "url": "http://eduforge.org/frs/shownotes.php?release_id=546"
            },
            {
              "name": "http://eduforge.org/frs/shownotes.php?release_id=547",
              "refsource": "CONFIRM",
              "url": "http://eduforge.org/frs/shownotes.php?release_id=547"
            },
            {
              "name": "http://mahara.org/interaction/forum/topic.php?id=1170",
              "refsource": "CONFIRM",
              "url": "http://mahara.org/interaction/forum/topic.php?id=1170"
            },
            {
              "name": "37217",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37217"
            },
            {
              "name": "DSA-1924",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1924"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3299",
    "datePublished": "2009-11-03T16:00:00Z",
    "dateReserved": "2009-09-22T00:00:00Z",
    "dateUpdated": "2024-09-16T20:17:38.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-9709 (GCVE-0-2019-9709)
Vulnerability from cvelistv5
Published
2019-05-07 13:58
Modified
2024-08-04 21:54
Severity ?
CWE
  • n/a
Summary
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:54:45.092Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/bugs/1819547"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8446"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-04-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection\u0027s SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-07T13:58:24",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/bugs/1819547"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8446"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-9709",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection\u0027s SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/bugs/1819547",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/bugs/1819547"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8446",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8446"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-9709",
    "datePublished": "2019-05-07T13:58:24",
    "dateReserved": "2019-03-11T00:00:00",
    "dateUpdated": "2024-08-04T21:54:45.092Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000157 (GCVE-0-2017-1000157)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
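Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on. The record does not say whether upgrading removes entries that were already written, so sites that ran an affected version with full event logging enabled should review the existing event_log rows as well.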
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1692749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1692749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.369977",
          "ID": "CVE-2017-1000157",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1692749",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1692749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000157",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000147 (GCVE-0-2017-1000147)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1480329"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara\u0027s filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1480329"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.358633",
          "ID": "CVE-2017-1000147",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara\u0027s filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1480329",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1480329"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000147",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000148 (GCVE-0-2017-1000148)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:06.966Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1508684"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP \"unserialize()\" function when importing a skin from an XML file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1508684"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.359481",
          "ID": "CVE-2017-1000148",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP \"unserialize()\" function when importing a skin from an XML file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1508684",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1508684"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000148",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:06.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-43264 (GCVE-0-2021-43264)
Vulnerability from cvelistv5
Published
2021-11-02 21:55
Modified
2024-08-04 03:55
Severity ?
CWE
  • n/a
Summary
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:55:28.151Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1944979"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8954"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-08T11:03:50",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1944979"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8954"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-43264",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1944979",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1944979"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8954",
              "refsource": "MISC",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8954"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-43264",
    "datePublished": "2021-11-02T21:55:22",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-08-04T03:55:28.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2253 (GCVE-0-2012-2253)
Vulnerability from cvelistv5
Published
2012-11-24 20:00
Modified
2024-08-06 19:26
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
References
http://www.debian.org/security/2012/dsa-2591 (vendor-advisory, x_refsource_DEBIAN)
https://bugs.launchpad.net/mahara/+bug/1079498 (x_refsource_CONFIRM)
https://mahara.org/interaction/forum/topic.php?id=5076 (x_refsource_CONFIRM)
http://secunia.com/advisories/51404 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:09.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2591",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2591"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1079498"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=5076"
          },
          {
            "name": "51404",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51404"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-08T10:00:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "DSA-2591",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2591"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1079498"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=5076"
        },
        {
          "name": "51404",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51404"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2012-2253",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2591",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2591"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1079498",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1079498"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=5076",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=5076"
            },
            {
              "name": "51404",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51404"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2012-2253",
    "datePublished": "2012-11-24T20:00:00",
    "dateReserved": "2012-04-16T00:00:00",
    "dateUpdated": "2024-08-06T19:26:09.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9386 (GCVE-0-2020-9386)
Vulnerability from cvelistv5
Published
2020-03-09 14:14
Modified
2024-08-04 10:26
Severity ?
CWE
  • n/a
Summary
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:26:16.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1840201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8589"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-13T13:34:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1840201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8589"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-9386",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1840201",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1840201"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8589",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8589"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-9386",
    "datePublished": "2020-03-09T14:14:43",
    "dateReserved": "2020-02-25T00:00:00",
    "dateUpdated": "2024-08-04T10:26:16.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0439 (GCVE-0-2011-0439)
Vulnerability from cvelistv5
Published
2011-03-28 16:00
Modified
2024-08-06 21:51
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:51:08.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mahara.org/interaction/forum/topic.php?id=3208"
          },
          {
            "name": "DSA-2206",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2206"
          },
          {
            "name": "47033",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47033"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mahara.org/interaction/forum/topic.php?id=3205"
          },
          {
            "name": "mahara-pieform-xss(66327)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66327"
          },
          {
            "name": "43858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43858"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mahara.org/interaction/forum/topic.php?id=3208"
        },
        {
          "name": "DSA-2206",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2206"
        },
        {
          "name": "47033",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47033"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mahara.org/interaction/forum/topic.php?id=3205"
        },
        {
          "name": "mahara-pieform-xss(66327)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66327"
        },
        {
          "name": "43858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43858"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0439",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mahara.org/interaction/forum/topic.php?id=3208",
              "refsource": "CONFIRM",
              "url": "http://mahara.org/interaction/forum/topic.php?id=3208"
            },
            {
              "name": "DSA-2206",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2206"
            },
            {
              "name": "47033",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47033"
            },
            {
              "name": "http://mahara.org/interaction/forum/topic.php?id=3205",
              "refsource": "CONFIRM",
              "url": "http://mahara.org/interaction/forum/topic.php?id=3205"
            },
            {
              "name": "mahara-pieform-xss(66327)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66327"
            },
            {
              "name": "43858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43858"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0439",
    "datePublished": "2011-03-28T16:00:00",
    "dateReserved": "2011-01-12T00:00:00",
    "dateUpdated": "2024-08-06T21:51:08.934Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-47799 (GCVE-0-2023-47799)
Vulnerability from cvelistv5
Published
2025-08-25 00:00
Modified
2025-08-25 20:39
CWE
  • n/a
Summary
Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-47799",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-25T20:39:00.030128Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-25T20:39:28.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-25T13:24:19.832Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://git.mahara.org/catalyst-security/mahara-security/-/issues/2"
        },
        {
          "url": "https://mahara.org/interaction/forum/topic.php?id=9353"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-47799",
    "datePublished": "2025-08-25T00:00:00.000Z",
    "dateReserved": "2023-11-10T00:00:00.000Z",
    "dateUpdated": "2025-08-25T20:39:28.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45134 (GCVE-0-2022-45134)
Vulnerability from cvelistv5
Published
2025-08-22 00:00
Modified
2025-08-26 14:07
Severity ?
CWE
  • n/a
Summary
Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user input unsafely during skin import. A particularly structured XML file could cause code execution when being processed.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45134",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-26T13:08:31.025526Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T14:07:13.114Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 deserializes user input unsafely during skin import. A particularly structured XML file could cause code execution when being processed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-22T19:13:13.865Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.launchpad.net/mahara/+bug/1993082"
        },
        {
          "url": "https://mahara.org/interaction/forum/topic.php?id=9353"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-45134",
    "datePublished": "2025-08-22T00:00:00.000Z",
    "dateReserved": "2022-11-10T00:00:00.000Z",
    "dateUpdated": "2025-08-26T14:07:13.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000146 (GCVE-0-2017-1000146)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.178Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1472439"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1472439"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.357751",
          "ID": "CVE-2017-1000146",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1472439",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1472439"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000146",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-0660 (GCVE-0-2009-0660)
Vulnerability from cvelistv5
Published
2009-03-11 14:00
Modified
2024-08-07 04:40
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.
References
http://mahara.org/interaction/forum/topic.php?id=350 (x_refsource_CONFIRM)
http://secunia.com/advisories/34231 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/34064 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/34222 (third-party-advisory, x_refsource_SECUNIA)
http://wiki.mahara.org/Release_Notes/1.1.2 (x_refsource_CONFIRM)
http://www.vupen.com/english/advisories/2009/0665 (vdb-entry, x_refsource_VUPEN)
http://www.debian.org/security/2009/dsa-1736 (vendor-advisory, x_refsource_DEBIAN)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49168 (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:05.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mahara.org/interaction/forum/topic.php?id=350"
          },
          {
            "name": "34231",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34231"
          },
          {
            "name": "34064",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34064"
          },
          {
            "name": "34222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34222"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.1.2"
          },
          {
            "name": "ADV-2009-0665",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0665"
          },
          {
            "name": "DSA-1736",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1736"
          },
          {
            "name": "mahara-userprofile-xss(49168)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49168"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mahara.org/interaction/forum/topic.php?id=350"
        },
        {
          "name": "34231",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34231"
        },
        {
          "name": "34064",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34064"
        },
        {
          "name": "34222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34222"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.1.2"
        },
        {
          "name": "ADV-2009-0665",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0665"
        },
        {
          "name": "DSA-1736",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1736"
        },
        {
          "name": "mahara-userprofile-xss(49168)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49168"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0660",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mahara.org/interaction/forum/topic.php?id=350",
              "refsource": "CONFIRM",
              "url": "http://mahara.org/interaction/forum/topic.php?id=350"
            },
            {
              "name": "34231",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34231"
            },
            {
              "name": "34064",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34064"
            },
            {
              "name": "34222",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34222"
            },
            {
              "name": "http://wiki.mahara.org/Release_Notes/1.1.2",
              "refsource": "CONFIRM",
              "url": "http://wiki.mahara.org/Release_Notes/1.1.2"
            },
            {
              "name": "ADV-2009-0665",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0665"
            },
            {
              "name": "DSA-1736",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1736"
            },
            {
              "name": "mahara-userprofile-xss(49168)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49168"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0660",
    "datePublished": "2009-03-11T14:00:00",
    "dateReserved": "2009-02-22T00:00:00",
    "dateUpdated": "2024-08-07T04:40:05.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000138 (GCVE-0-2017-1000138)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:06.959Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1377736"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1377736"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.350298",
          "ID": "CVE-2017-1000138",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1377736",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1377736"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000138",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:06.959Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000143 (GCVE-0-2017-1000143)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1429647"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1429647"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.354856",
          "ID": "CVE-2017-1000143",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1429647",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1429647"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000143",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000151 (GCVE-0-2017-1000151)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.009Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1570221"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1570221"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.362366",
          "ID": "CVE-2017-1000151",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1570221",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1570221"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000151",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.009Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1403 (GCVE-0-2011-1403)
Vulnerability from cvelistv5
Published
2011-05-13 22:00
Modified
2024-08-06 22:28
Severity ?
CWE
  • n/a
Summary
Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys.
References
https://launchpad.net/mahara/+milestone/1.3.6 (x_refsource_CONFIRM)
https://launchpad.net/mahara/+bug/771598 (x_refsource_CONFIRM)
https://exchange.xforce.ibmcloud.com/vulnerabilities/67398 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/47798 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/44433 (third-party-advisory, x_refsource_SECUNIA)
http://www.debian.org/security/2011/dsa-2246 (vendor-advisory, x_refsource_DEBIAN)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:40.733Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+milestone/1.3.6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/771598"
          },
          {
            "name": "mahara-unspecified-csrf(67398)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67398"
          },
          {
            "name": "47798",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47798"
          },
          {
            "name": "44433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44433"
          },
          {
            "name": "DSA-2246",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2246"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+milestone/1.3.6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/771598"
        },
        {
          "name": "mahara-unspecified-csrf(67398)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67398"
        },
        {
          "name": "47798",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47798"
        },
        {
          "name": "44433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44433"
        },
        {
          "name": "DSA-2246",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2246"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1403",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.net/mahara/+milestone/1.3.6",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+milestone/1.3.6"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/771598",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/771598"
            },
            {
              "name": "mahara-unspecified-csrf(67398)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67398"
            },
            {
              "name": "47798",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47798"
            },
            {
              "name": "44433",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44433"
            },
            {
              "name": "DSA-2246",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2246"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1403",
    "datePublished": "2011-05-13T22:00:00",
    "dateReserved": "2011-03-10T00:00:00",
    "dateUpdated": "2024-08-06T22:28:40.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4429 (GCVE-0-2013-4429)
Vulnerability from cvelistv5
Published
2014-05-19 14:00
Modified
2024-08-06 16:45
Severity ?
CWE
  • n/a
Summary
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:13.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=5753"
          },
          {
            "name": "[oss-security] 20131008 CVE request: mahara 1.7.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
          },
          {
            "name": "[oss-security] 20131015 Re: CVE request: mahara 1.7.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1211758"
          },
          {
            "name": "[oss-security] 20131015 Re: Re: CVE request: mahara 1.7.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-19T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=5753"
        },
        {
          "name": "[oss-security] 20131008 CVE request: mahara 1.7.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
        },
        {
          "name": "[oss-security] 20131015 Re: CVE request: mahara 1.7.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1211758"
        },
        {
          "name": "[oss-security] 20131015 Re: Re: CVE request: mahara 1.7.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4429",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=5753",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=5753"
            },
            {
              "name": "[oss-security] 20131008 CVE request: mahara 1.7.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
            },
            {
              "name": "[oss-security] 20131015 Re: CVE request: mahara 1.7.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1211758",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1211758"
            },
            {
              "name": "[oss-security] 20131015 Re: Re: CVE request: mahara 1.7.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4429",
    "datePublished": "2014-05-19T14:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:13.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-17454 (GCVE-0-2017-17454)
Vulnerability from cvelistv5
Published
2018-02-20 22:00
Modified
2024-08-05 20:51
Severity ?
CWE
  • n/a
Summary
Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters. Mahara will also avoid direct $_GET and $_POST usage where possible, and instead use param_exists() and the correct param_*() function to fetch the expected value.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:31.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8149"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://reviews.mahara.org/#/c/8191/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1732987"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters. Mahara will also avoid direct $_GET and $_POST usage where possible, and instead use param_exists() and the correct param_*() function to fetch the expected value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-20T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8149"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://reviews.mahara.org/#/c/8191/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1732987"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17454",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. These are now going to be discarded in Mahara along with NULL characters and invalid Unicode characters. Mahara will also avoid direct $_GET and $_POST usage where possible, and instead use param_exists() and the correct param_*() function to fetch the expected value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8149",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8149"
            },
            {
              "name": "https://reviews.mahara.org/#/c/8191/",
              "refsource": "CONFIRM",
              "url": "https://reviews.mahara.org/#/c/8191/"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1732987",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1732987"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17454",
    "datePublished": "2018-02-20T22:00:00",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-08-05T20:51:31.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-6182 (GCVE-0-2018-6182)
Vulnerability from cvelistv5
Published
2018-04-09 20:00
Modified
2024-08-05 05:54
Severity ?
CWE
  • n/a
Summary
Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE's code stripping alone but also clean input on the server / PHP side as one can create own packets of POST data containing bad content with which to hit the server.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:54:53.167Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1744789"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8215"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-04-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE\u0027s code stripping alone but also clean input on the server / PHP side as one can create own packets of POST data containing bad content with which to hit the server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-09T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1744789"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8215"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-6182",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE\u0027s code stripping alone but also clean input on the server / PHP side as one can create own packets of POST data containing bad content with which to hit the server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1744789",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1744789"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8215",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8215"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-6182",
    "datePublished": "2018-04-09T20:00:00",
    "dateReserved": "2018-01-24T00:00:00",
    "dateUpdated": "2024-08-05T05:54:53.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-9708 (GCVE-0-2019-9708)
Vulnerability from cvelistv5
Published
2019-05-07 16:53
Modified
2024-08-04 21:54
Severity ?
CWE
  • n/a
Summary
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:54:45.117Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1817221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8445"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-04-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-07T16:53:21",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1817221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8445"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-9708",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. A site administrator can suspend the system user (root), causing all users to be locked out from the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1817221",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1817221"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8445",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8445"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-9708",
    "datePublished": "2019-05-07T16:53:21",
    "dateReserved": "2019-03-11T00:00:00",
    "dateUpdated": "2024-08-04T21:54:45.117Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000142 (GCVE-0-2017-1000142)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.007Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1425306"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1425306"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.353953",
          "ID": "CVE-2017-1000142",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1425306",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1425306"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000142",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-11565 (GCVE-0-2018-11565)
Vulnerability from cvelistv5
Published
2018-05-30 21:00
Modified
2024-08-05 08:10
Severity ?
CWE
  • n/a
Summary
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:10:14.659Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8271"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1772774"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-05-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-31T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8271"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1772774"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-11565",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking that information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8271",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8271"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1772774",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1772774"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-11565",
    "datePublished": "2018-05-30T21:00:00",
    "dateReserved": "2018-05-30T00:00:00",
    "dateUpdated": "2024-08-05T08:10:14.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-0487 (GCVE-0-2009-0487)
Vulnerability from cvelistv5
Published
2009-02-09 20:00
Modified
2024-08-07 04:40
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/48518 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/33619 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/33813 (third-party-advisory, x_refsource_SECUNIA)
http://mahara.org/interaction/forum/topic.php?id=198 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:03.351Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mahara-unspecified-xss(48518)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48518"
          },
          {
            "name": "33619",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33619"
          },
          {
            "name": "33813",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33813"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mahara.org/interaction/forum/topic.php?id=198"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "mahara-unspecified-xss(48518)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48518"
        },
        {
          "name": "33619",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33619"
        },
        {
          "name": "33813",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33813"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mahara.org/interaction/forum/topic.php?id=198"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0487",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mahara-unspecified-xss(48518)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48518"
            },
            {
              "name": "33619",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33619"
            },
            {
              "name": "33813",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33813"
            },
            {
              "name": "http://mahara.org/interaction/forum/topic.php?id=198",
              "refsource": "CONFIRM",
              "url": "http://mahara.org/interaction/forum/topic.php?id=198"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0487",
    "datePublished": "2009-02-09T20:00:00",
    "dateReserved": "2009-02-09T00:00:00",
    "dateUpdated": "2024-08-07T04:40:03.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-40848 (GCVE-0-2021-40848)
Vulnerability from cvelistv5
Published
2021-11-03 10:11
Modified
2024-08-04 02:51
Severity ?
CWE
  • n/a
Summary
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:51:07.439Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1930471"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8950"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-03T10:11:45",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1930471"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8950"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-40848",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1930471",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1930471"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8950",
              "refsource": "MISC",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8950"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-40848",
    "datePublished": "2021-11-03T10:11:45",
    "dateReserved": "2021-09-10T00:00:00",
    "dateUpdated": "2024-08-04T02:51:07.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1667 (GCVE-0-2010-1667)
Vulnerability from cvelistv5
Published
2010-07-06 17:00
Modified
2024-08-07 01:28
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:43.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
          },
          {
            "name": "40431",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40431"
          },
          {
            "name": "mahara-multiple-unspecified-xss(59993)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59993"
          },
          {
            "name": "41319",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/41319"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
        },
        {
          "name": "40431",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40431"
        },
        {
          "name": "mahara-multiple-unspecified-xss(59993)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59993"
        },
        {
          "name": "41319",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/41319"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1667",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://wiki.mahara.org/Release_Notes/1.1.9",
              "refsource": "CONFIRM",
              "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
            },
            {
              "name": "http://wiki.mahara.org/Release_Notes/1.2.5",
              "refsource": "CONFIRM",
              "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
            },
            {
              "name": "http://wiki.mahara.org/Release_Notes/1.0.15",
              "refsource": "CONFIRM",
              "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
            },
            {
              "name": "40431",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40431"
            },
            {
              "name": "mahara-multiple-unspecified-xss(59993)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59993"
            },
            {
              "name": "41319",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/41319"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1667",
    "datePublished": "2010-07-06T17:00:00",
    "dateReserved": "2010-04-30T00:00:00",
    "dateUpdated": "2024-08-07T01:28:43.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000144 (GCVE-0-2017-1000144)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.074Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1447377"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1447377"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.355678",
          "ID": "CVE-2017-1000144",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1447377",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1447377"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000144",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-42707 (GCVE-0-2022-42707)
Vulnerability from cvelistv5
Published
2022-11-06 00:00
Modified
2025-05-02 18:41
CWE
  • n/a (CNA record); CWE-284 Improper Access Control (assigned in the CISA ADP container)
Summary
In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:10:41.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1991157"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=9199"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-42707",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-02T18:40:59.967077Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-02T18:41:04.087Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-06T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.launchpad.net/mahara/+bug/1991157"
        },
        {
          "url": "https://mahara.org/interaction/forum/topic.php?id=9199"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-42707",
    "datePublished": "2022-11-06T00:00:00.000Z",
    "dateReserved": "2022-10-10T00:00:00.000Z",
    "dateUpdated": "2025-05-02T18:41:04.087Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-14752 (GCVE-0-2017-14752)
Vulnerability from cvelistv5
Published
2017-10-31 18:00
Modified
2024-08-05 19:34
Severity ?
CWE
  • n/a
Summary
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.
References
https://bugs.launchpad.net/mahara/+bug/1719491 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:34:39.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1719491"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-31T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1719491"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-14752",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1719491",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1719491"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-14752",
    "datePublished": "2017-10-31T18:00:00",
    "dateReserved": "2017-09-26T00:00:00",
    "dateUpdated": "2024-08-05T19:34:39.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4432 (GCVE-0-2013-4432)
Vulnerability from cvelistv5
Published
2014-05-19 14:00
Modified
2024-08-06 16:45
Severity ?
CWE
  • n/a
Summary
Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:13.524Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20131008 CVE request: mahara 1.7.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=5864"
          },
          {
            "name": "[oss-security] 20131015 Re: CVE request: mahara 1.7.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
          },
          {
            "name": "[oss-security] 20131015 Re: Re: CVE request: mahara 1.7.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1034180"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-19T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20131008 CVE request: mahara 1.7.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=5864"
        },
        {
          "name": "[oss-security] 20131015 Re: CVE request: mahara 1.7.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
        },
        {
          "name": "[oss-security] 20131015 Re: Re: CVE request: mahara 1.7.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1034180"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4432",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20131008 CVE request: mahara 1.7.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=5864",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=5864"
            },
            {
              "name": "[oss-security] 20131015 Re: CVE request: mahara 1.7.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
            },
            {
              "name": "[oss-security] 20131015 Re: Re: CVE request: mahara 1.7.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1034180",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1034180"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4432",
    "datePublished": "2014-05-19T14:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:13.524Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-24111 (GCVE-0-2022-24111)
Vulnerability from cvelistv5
Published
2022-02-10 16:01
Modified
2024-08-03 03:59
Severity ?
CWE
  • n/a
Summary
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:59:23.728Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1959146"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8996"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-10T16:01:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1959146"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8996"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-24111",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1959146",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1959146"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8996",
              "refsource": "MISC",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8996"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-24111",
    "datePublished": "2022-02-10T16:01:03",
    "dateReserved": "2022-01-28T00:00:00",
    "dateUpdated": "2024-08-03T03:59:23.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45753 (GCVE-0-2024-45753)
Vulnerability from cvelistv5
Published
2025-08-26 00:00
Modified
2025-08-26 15:28
CWE
  • n/a
Summary
In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45753",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-26T15:27:43.274437Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T15:28:07.916Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T14:00:53.990Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://mahara.org"
        },
        {
          "url": "https://mahara.org/interaction/forum/topic.php?id=9594"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-45753",
    "datePublished": "2025-08-26T00:00:00.000Z",
    "dateReserved": "2024-09-06T00:00:00.000Z",
    "dateUpdated": "2025-08-26T15:28:07.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3298 (GCVE-0-2009-3298)
Vulnerability from cvelistv5
Published
2009-11-03 16:00
Modified
2024-09-16 22:50
Severity ?
CWE
  • n/a
Summary
Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors.
References
http://www.osvdb.org/59584 (vdb-entry, x_refsource_OSVDB)
http://www.vupen.com/english/advisories/2009/3101 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/37218 (third-party-advisory, x_refsource_SECUNIA)
http://eduforge.org/frs/shownotes.php?release_id=546 (x_refsource_CONFIRM)
http://eduforge.org/frs/shownotes.php?release_id=547 (x_refsource_CONFIRM)
http://secunia.com/advisories/37217 (third-party-advisory, x_refsource_SECUNIA)
http://mahara.org/interaction/forum/topic.php?id=1169 (x_refsource_CONFIRM)
http://www.debian.org/security/2009/dsa-1924 (vendor-advisory, x_refsource_DEBIAN)
http://www.securityfocus.com/bid/36893 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:22:24.461Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "59584",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/59584"
          },
          {
            "name": "ADV-2009-3101",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3101"
          },
          {
            "name": "37218",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37218"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://eduforge.org/frs/shownotes.php?release_id=546"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://eduforge.org/frs/shownotes.php?release_id=547"
          },
          {
            "name": "37217",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37217"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mahara.org/interaction/forum/topic.php?id=1169"
          },
          {
            "name": "DSA-1924",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1924"
          },
          {
            "name": "36893",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36893"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-11-03T16:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "59584",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/59584"
        },
        {
          "name": "ADV-2009-3101",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3101"
        },
        {
          "name": "37218",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37218"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://eduforge.org/frs/shownotes.php?release_id=546"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://eduforge.org/frs/shownotes.php?release_id=547"
        },
        {
          "name": "37217",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37217"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mahara.org/interaction/forum/topic.php?id=1169"
        },
        {
          "name": "DSA-1924",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1924"
        },
        {
          "name": "36893",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36893"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3298",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "59584",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/59584"
            },
            {
              "name": "ADV-2009-3101",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3101"
            },
            {
              "name": "37218",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37218"
            },
            {
              "name": "http://eduforge.org/frs/shownotes.php?release_id=546",
              "refsource": "CONFIRM",
              "url": "http://eduforge.org/frs/shownotes.php?release_id=546"
            },
            {
              "name": "http://eduforge.org/frs/shownotes.php?release_id=547",
              "refsource": "CONFIRM",
              "url": "http://eduforge.org/frs/shownotes.php?release_id=547"
            },
            {
              "name": "37217",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37217"
            },
            {
              "name": "http://mahara.org/interaction/forum/topic.php?id=1169",
              "refsource": "CONFIRM",
              "url": "http://mahara.org/interaction/forum/topic.php?id=1169"
            },
            {
              "name": "DSA-1924",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1924"
            },
            {
              "name": "36893",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36893"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3298",
    "datePublished": "2009-11-03T16:00:00Z",
    "dateReserved": "2009-09-22T00:00:00Z",
    "dateUpdated": "2024-09-16T22:50:27.078Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-24694 (GCVE-0-2022-24694)
Vulnerability from cvelistv5
Published
2022-02-09 04:31
Modified
2024-08-03 04:20
Severity ?
CWE
  • n/a
Summary
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1952808"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8994"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-10T14:15:19",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1952808"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8994"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-24694",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1952808",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1952808"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8994",
              "refsource": "MISC",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8994"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-24694",
    "datePublished": "2022-02-09T04:31:50",
    "dateReserved": "2022-02-09T00:00:00",
    "dateUpdated": "2024-08-03T04:20:50.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1669 (GCVE-0-2010-1669)
Vulnerability from cvelistv5
Published
2010-07-06 17:00
Modified
2024-08-07 01:35
Severity ?
CWE
  • n/a
Summary
SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
http://wiki.mahara.org/Release_Notes/1.1.9 (x_refsource_CONFIRM)
http://wiki.mahara.org/Release_Notes/1.2.5 (x_refsource_CONFIRM)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59995 (vdb-entry, x_refsource_XF)
http://secunia.com/advisories/40431 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/41319 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:52.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
          },
          {
            "name": "mahara-unspecified-sql-injection(59995)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59995"
          },
          {
            "name": "40431",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40431"
          },
          {
            "name": "41319",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/41319"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
        },
        {
          "name": "mahara-unspecified-sql-injection(59995)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59995"
        },
        {
          "name": "40431",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40431"
        },
        {
          "name": "41319",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/41319"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1669",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://wiki.mahara.org/Release_Notes/1.1.9",
              "refsource": "CONFIRM",
              "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
            },
            {
              "name": "http://wiki.mahara.org/Release_Notes/1.2.5",
              "refsource": "CONFIRM",
              "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
            },
            {
              "name": "mahara-unspecified-sql-injection(59995)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59995"
            },
            {
              "name": "40431",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40431"
            },
            {
              "name": "41319",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/41319"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1669",
    "datePublished": "2010-07-06T17:00:00",
    "dateReserved": "2010-04-30T00:00:00",
    "dateUpdated": "2024-08-07T01:35:52.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-3871 (GCVE-0-2010-3871)
Vulnerability from cvelistv5
Published
2010-11-09 20:00
Modified
2024-08-07 03:26
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/63052 (vdb-entry, x_refsource_XF)
http://wiki.mahara.org/Release_Notes/1.3.3 (x_refsource_CONFIRM)
http://secunia.com/advisories/42152 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/44705 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:26:11.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mahara-groupviews-xss(63052)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63052"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.3.3"
          },
          {
            "name": "42152",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42152"
          },
          {
            "name": "44705",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44705"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "mahara-groupviews-xss(63052)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63052"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.3.3"
        },
        {
          "name": "42152",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42152"
        },
        {
          "name": "44705",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44705"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-3871",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mahara-groupviews-xss(63052)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63052"
            },
            {
              "name": "http://wiki.mahara.org/Release_Notes/1.3.3",
              "refsource": "CONFIRM",
              "url": "http://wiki.mahara.org/Release_Notes/1.3.3"
            },
            {
              "name": "42152",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42152"
            },
            {
              "name": "44705",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44705"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-3871",
    "datePublished": "2010-11-09T20:00:00",
    "dateReserved": "2010-10-08T00:00:00",
    "dateUpdated": "2024-08-07T03:26:11.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-4431 (GCVE-0-2013-4431)
Vulnerability from cvelistv5
Published
2014-05-19 14:00
Modified
2024-08-06 16:45
Severity ?
CWE
  • n/a
Summary
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the block id in an edit request.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:45:13.487Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=5753"
          },
          {
            "name": "[oss-security] 20131008 CVE request: mahara 1.7.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
          },
          {
            "name": "[oss-security] 20131015 Re: CVE request: mahara 1.7.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
          },
          {
            "name": "[oss-security] 20131015 Re: Re: CVE request: mahara 1.7.3",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1233500"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-19T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=5753"
        },
        {
          "name": "[oss-security] 20131008 CVE request: mahara 1.7.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
        },
        {
          "name": "[oss-security] 20131015 Re: CVE request: mahara 1.7.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
        },
        {
          "name": "[oss-security] 20131015 Re: Re: CVE request: mahara 1.7.3",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1233500"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4431",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=5753",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=5753"
            },
            {
              "name": "[oss-security] 20131008 CVE request: mahara 1.7.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/10/08/3"
            },
            {
              "name": "[oss-security] 20131015 Re: CVE request: mahara 1.7.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/10/15/1"
            },
            {
              "name": "[oss-security] 20131015 Re: Re: CVE request: mahara 1.7.3",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/10/16/7"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1233500",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1233500"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4431",
    "datePublished": "2014-05-19T14:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:45:13.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2247 (GCVE-0-2012-2247)
Vulnerability from cvelistv5
Published
2012-11-24 20:00
Modified
2024-08-06 19:26
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.998Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2591",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2591"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=4938"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1061980"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-08T10:00:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "DSA-2591",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2591"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=4938"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1061980"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2012-2247",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2591",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2591"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=4938",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=4938"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1061980",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1061980"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2012-2247",
    "datePublished": "2012-11-24T20:00:00",
    "dateReserved": "2012-04-16T00:00:00",
    "dateUpdated": "2024-08-06T19:26:08.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000134 (GCVE-0-2017-1000134)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:06.888Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1267686"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1267686"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.347035",
          "ID": "CVE-2017-1000134",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1267686",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1267686"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000134",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:06.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000153 (GCVE-0-2017-1000153)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control: after the password reset link is sent via email and the user then changes their default email, Mahara fails to invalidate the old link. Consequently, the link in the email can be used to gain access to the user's account.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1577251"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user\u0027s account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1577251"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.364092",
          "ID": "CVE-2017-1000153",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user\u0027s account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1577251",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1577251"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000153",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47192 (GCVE-0-2024-47192)
Vulnerability from cvelistv5
Published
2025-08-26 00:00
Modified
2025-08-27 16:22
CWE
  • n/a
Summary
An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-47192",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-27T16:21:25.006295Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-494",
                "description": "CWE-494 Download of Code Without Integrity Check",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T16:22:16.133Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T20:36:10.674Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://mahara.org/interaction/forum/view.php?id=43"
        },
        {
          "url": "https://mahara.org/interaction/forum/topic.php?id=9594"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-47192",
    "datePublished": "2025-08-26T00:00:00.000Z",
    "dateReserved": "2024-09-20T00:00:00.000Z",
    "dateUpdated": "2025-08-27T16:22:16.133Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000152 (GCVE-0-2017-1000152)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.109Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1570744"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user\u0027s account settings."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1570744"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.363215",
          "ID": "CVE-2017-1000152",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user\u0027s account settings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1570744",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1570744"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000152",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39335 (GCVE-0-2024-39335)
Vulnerability from cvelistv5
Published
2025-08-26 00:00
Modified
2025-08-27 14:18
Severity ?
CWE
  • n/a
Summary
Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration -> Groups -> Submissions.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39335",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-27T14:18:03.012514Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T14:18:59.538Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the \u0027Current submissions\u0027 page: Administration -\u003e Groups -\u003e Submissions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T14:17:04.870Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://mahara.org/interaction/forum/view.php?id=43"
        },
        {
          "url": "https://mahara.org/interaction/forum/topic.php?id=9519"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-39335",
    "datePublished": "2025-08-26T00:00:00.000Z",
    "dateReserved": "2024-06-23T00:00:00.000Z",
    "dateUpdated": "2025-08-27T14:18:59.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2246 (GCVE-0-2012-2246)
Vulnerability from cvelistv5
Published
2012-11-24 20:00
Modified
2024-08-06 19:26
Severity ?
CWE
  • n/a
Summary
Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1057240"
          },
          {
            "name": "DSA-2591",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2591"
          },
          {
            "name": "mahara-delete-clickjacking(79273)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79273"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=4939"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1057240"
        },
        {
          "name": "DSA-2591",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2591"
        },
        {
          "name": "mahara-delete-clickjacking(79273)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79273"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=4939"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2012-2246",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1057240",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1057240"
            },
            {
              "name": "DSA-2591",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2591"
            },
            {
              "name": "mahara-delete-clickjacking(79273)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79273"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=4939",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=4939"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2012-2246",
    "datePublished": "2012-11-24T20:00:00",
    "dateReserved": "2012-04-16T00:00:00",
    "dateUpdated": "2024-08-06T19:26:08.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000133 (GCVE-0-2017-1000133)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user, in some circumstances, causing another user's artefacts to be included in a Leap2a export of their own pages.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:06.699Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1234615"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user\u0027s artefacts to be included in a Leap2a export of their own pages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1234615"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.345996",
          "ID": "CVE-2017-1000133",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user\u0027s artefacts to be included in a Leap2a export of their own pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1234615",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1234615"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000133",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:06.699Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-2772 (GCVE-0-2011-2772)
Vulnerability from cvelistv5
Published
2011-11-15 02:00
Modified
2024-09-17 03:18
Severity ?
CWE
  • n/a
Summary
The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:15:30.970Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+milestone/1.4.1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/784978"
          },
          {
            "name": "DSA-2334",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2334"
          },
          {
            "name": "46719",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46719"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-11-15T02:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+milestone/1.4.1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/784978"
        },
        {
          "name": "DSA-2334",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2334"
        },
        {
          "name": "46719",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46719"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2772",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz",
              "refsource": "CONFIRM",
              "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
            },
            {
              "name": "https://launchpad.net/mahara/+milestone/1.4.1",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+milestone/1.4.1"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/784978",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/784978"
            },
            {
              "name": "DSA-2334",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2334"
            },
            {
              "name": "46719",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46719"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2772",
    "datePublished": "2011-11-15T02:00:00Z",
    "dateReserved": "2011-07-19T00:00:00Z",
    "dateUpdated": "2024-09-17T03:18:11.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-11195 (GCVE-0-2018-11195)
Vulnerability from cvelistv5
Published
2018-06-01 19:00
Modified
2024-08-05 08:01
Severity ?
CWE
  • n/a
Summary
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:01:52.513Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1770561"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8269"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-05-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser \"back and refresh\" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-01T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1770561"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8269"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-11195",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser \"back and refresh\" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1770561",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1770561"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8269",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8269"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-11195",
    "datePublished": "2018-06-01T19:00:00",
    "dateReserved": "2018-05-16T00:00:00",
    "dateUpdated": "2024-08-05T08:01:52.513Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47853 (GCVE-0-2024-47853)
Vulnerability from cvelistv5
Published
2025-08-26 00:00
Modified
2025-09-22 15:34
CWE
  • n/a
Summary
An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-47853",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-27T14:15:00.234668Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-22T15:34:08.992Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T14:01:44.580Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.mahara.org"
        },
        {
          "url": "https://mahara.org/interaction/forum/topic.php?id=9594"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-47853",
    "datePublished": "2025-08-26T00:00:00.000Z",
    "dateReserved": "2024-10-04T00:00:00.000Z",
    "dateUpdated": "2025-09-22T15:34:08.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2239 (GCVE-0-2012-2239)
Vulnerability from cvelistv5
Published
2012-11-24 20:00
Modified
2024-08-06 19:26
Severity ?
CWE
  • n/a
Summary
Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2591",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2591"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1047111"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=4869"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-08T10:00:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "DSA-2591",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2591"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1047111"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=4869"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2012-2239",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2591",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2591"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1047111",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1047111"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=4869",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=4869"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2012-2239",
    "datePublished": "2012-11-24T20:00:00",
    "dateReserved": "2012-04-16T00:00:00",
    "dateUpdated": "2024-08-06T19:26:08.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-43266 (GCVE-0-2021-43266)
Vulnerability from cvelistv5
Published
2021-11-02 21:54
Modified
2024-08-04 03:55
Severity ?
CWE
  • n/a
Summary
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additionally, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:55:27.369Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1942903"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8952"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8995"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1949527"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-28T12:34:23",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1942903"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8952"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8995"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1949527"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-43266",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1942903",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1942903"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8952",
              "refsource": "MISC",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8952"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8995",
              "refsource": "MISC",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8995"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1949527",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1949527"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-43266",
    "datePublished": "2021-11-02T21:54:45",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-08-04T03:55:27.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-6037 (GCVE-0-2012-6037)
Vulnerability from cvelistv5
Published
2012-11-24 20:00
Modified
2024-08-06 21:21
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are not properly handled in error messages in the (1) bulk user, (2) group, and (3) group member upload capabilities. NOTE: this issue was originally part of CVE-2012-2243, but that ID was SPLIT due to different issues by different researchers.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:21:28.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=4937"
          },
          {
            "name": "DSA-2591",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2591"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1063480"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with \"unknown fields,\" which are not properly handled in error messages in the (1) bulk user, (2) group, and (3) group member upload capabilities.  NOTE: this issue was originally part of CVE-2012-2243, but that ID was SPLIT due to different issues by different researchers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-08T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=4937"
        },
        {
          "name": "DSA-2591",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2591"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1063480"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-6037",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with \"unknown fields,\" which are not properly handled in error messages in the (1) bulk user, (2) group, and (3) group member upload capabilities.  NOTE: this issue was originally part of CVE-2012-2243, but that ID was SPLIT due to different issues by different researchers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=4937",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=4937"
            },
            {
              "name": "DSA-2591",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2591"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1063480",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1063480"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-6037",
    "datePublished": "2012-11-24T20:00:00",
    "dateReserved": "2012-11-24T00:00:00",
    "dateUpdated": "2024-08-06T21:21:28.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1406 (GCVE-0-2011-1406)
Vulnerability from cvelistv5
Published
2011-05-13 22:00
Modified
2024-08-06 22:28
Severity ?
CWE
  • n/a
Summary
Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:40.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+milestone/1.3.6"
          },
          {
            "name": "mahara-https-weak-security(67400)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67400"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/685942"
          },
          {
            "name": "DSA-2246",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2246"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+milestone/1.3.6"
        },
        {
          "name": "mahara-https-weak-security(67400)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67400"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/685942"
        },
        {
          "name": "DSA-2246",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2246"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1406",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.net/mahara/+milestone/1.3.6",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+milestone/1.3.6"
            },
            {
              "name": "mahara-https-weak-security(67400)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67400"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/685942",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/685942"
            },
            {
              "name": "DSA-2246",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2246"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1406",
    "datePublished": "2011-05-13T22:00:00",
    "dateReserved": "2011-03-10T00:00:00",
    "dateUpdated": "2024-08-06T22:28:40.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-2774 (GCVE-0-2011-2774)
Vulnerability from cvelistv5
Published
2011-11-15 02:00
Modified
2024-09-16 17:54
Severity ?
CWE
  • n/a
Summary
The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter.
References
https://launchpad.net/mahara/+milestone/1.4.1 - x_refsource_CONFIRM
https://launchpad.net/bugs/798128 - x_refsource_CONFIRM
http://secunia.com/advisories/46719 - third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:15:30.869Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+milestone/1.4.1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/bugs/798128"
          },
          {
            "name": "46719",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46719"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The \"Reply to message\" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-11-15T02:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+milestone/1.4.1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/bugs/798128"
        },
        {
          "name": "46719",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46719"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-2774",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The \"Reply to message\" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.net/mahara/+milestone/1.4.1",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+milestone/1.4.1"
            },
            {
              "name": "https://launchpad.net/bugs/798128",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/bugs/798128"
            },
            {
              "name": "46719",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46719"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-2774",
    "datePublished": "2011-11-15T02:00:00Z",
    "dateReserved": "2011-07-19T00:00:00Z",
    "dateUpdated": "2024-09-16T17:54:13.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-4118 (GCVE-0-2011-4118)
Vulnerability from cvelistv5
Published
2011-11-15 02:00
Modified
2024-09-17 02:47
Severity ?
CWE
  • n/a
Summary
Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:01:50.448Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+milestone/1.4.1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mahara.org/interaction/forum/topic.php?id=4138"
          },
          {
            "name": "[oss-security] 20111104 Re: CVE request: Mahara",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/11/04/10"
          },
          {
            "name": "DSA-2334",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2334"
          },
          {
            "name": "[oss-security] 20111104 CVE request: Mahara",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/11/04/7"
          },
          {
            "name": "46719",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46719"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/884223"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-11-15T02:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+milestone/1.4.1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mahara.org/interaction/forum/topic.php?id=4138"
        },
        {
          "name": "[oss-security] 20111104 Re: CVE request: Mahara",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/11/04/10"
        },
        {
          "name": "DSA-2334",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2334"
        },
        {
          "name": "[oss-security] 20111104 CVE request: Mahara",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/11/04/7"
        },
        {
          "name": "46719",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46719"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/884223"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-4118",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara before 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz",
              "refsource": "CONFIRM",
              "url": "http://security.debian.org/debian-security/pool/updates/main/m/mahara/mahara_1.2.6-2+squeeze3.debian.tar.gz"
            },
            {
              "name": "https://launchpad.net/mahara/+milestone/1.4.1",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+milestone/1.4.1"
            },
            {
              "name": "http://mahara.org/interaction/forum/topic.php?id=4138",
              "refsource": "CONFIRM",
              "url": "http://mahara.org/interaction/forum/topic.php?id=4138"
            },
            {
              "name": "[oss-security] 20111104 Re: CVE request: Mahara",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/11/04/10"
            },
            {
              "name": "DSA-2334",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2334"
            },
            {
              "name": "[oss-security] 20111104 CVE request: Mahara",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2011/11/04/7"
            },
            {
              "name": "46719",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46719"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/884223",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/884223"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4118",
    "datePublished": "2011-11-15T02:00:00Z",
    "dateReserved": "2011-10-18T00:00:00Z",
    "dateUpdated": "2024-09-17T02:47:30.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000137 (GCVE-0-2017-1000137)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.048Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1375092"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1375092"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.349344",
          "ID": "CVE-2017-1000137",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1375092",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1375092"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000137",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.048Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-0400 (GCVE-0-2010-0400)
Vulnerability from cvelistv5
Published
2010-04-07 15:00
Modified
2024-09-16 19:52
Severity ?
CWE
  • n/a
Summary
SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:12.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny5.diff.gz"
          },
          {
            "name": "39253",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/39253"
          },
          {
            "name": "DSA-2030",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2030"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-04-07T15:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny5.diff.gz"
        },
        {
          "name": "39253",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/39253"
        },
        {
          "name": "DSA-2030",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2030"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0400",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny5.diff.gz",
              "refsource": "CONFIRM",
              "url": "http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny5.diff.gz"
            },
            {
              "name": "39253",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/39253"
            },
            {
              "name": "DSA-2030",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-2030"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0400",
    "datePublished": "2010-04-07T15:00:00Z",
    "dateReserved": "2010-01-27T00:00:00Z",
    "dateUpdated": "2024-09-16T19:52:10.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1404 (GCVE-0-2011-1404)
Vulnerability from cvelistv5
Published
2011-05-13 22:00
Modified
2024-08-06 22:28
Severity ?
CWE
  • n/a
Summary
Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:40.707Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+milestone/1.3.6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/772179"
          },
          {
            "name": "mahara-viewtasksjson-sec-bypass(67395)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67395"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/772140"
          },
          {
            "name": "47798",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47798"
          },
          {
            "name": "44433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44433"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/772174"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/mahara/+bug/772160"
          },
          {
            "name": "DSA-2246",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2246"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+milestone/1.3.6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/772179"
        },
        {
          "name": "mahara-viewtasksjson-sec-bypass(67395)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67395"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/772140"
        },
        {
          "name": "47798",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47798"
        },
        {
          "name": "44433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44433"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/772174"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/mahara/+bug/772160"
        },
        {
          "name": "DSA-2246",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2246"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1404",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.net/mahara/+milestone/1.3.6",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+milestone/1.3.6"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/772179",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/772179"
            },
            {
              "name": "mahara-viewtasksjson-sec-bypass(67395)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67395"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/772140",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/772140"
            },
            {
              "name": "47798",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47798"
            },
            {
              "name": "44433",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44433"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/772174",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/772174"
            },
            {
              "name": "https://launchpad.net/mahara/+bug/772160",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/mahara/+bug/772160"
            },
            {
              "name": "DSA-2246",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2246"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1404",
    "datePublished": "2011-05-13T22:00:00",
    "dateReserved": "2011-03-10T00:00:00",
    "dateUpdated": "2024-08-06T22:28:40.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-29992 (GCVE-0-2025-29992)
Vulnerability from cvelistv5
Published
2025-08-26 00:00
Modified
2025-08-27 14:21
CWE
  • n/a
Summary
Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-29992",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-27T14:19:52.945549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T14:21:02.217Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T14:06:44.163Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://mahara.org/THE-FINAL-URL-IN-QUESTION"
        },
        {
          "url": "https://mahara.org/interaction/forum/topic.php?id=9711"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-29992",
    "datePublished": "2025-08-26T00:00:00.000Z",
    "dateReserved": "2025-03-13T00:00:00.000Z",
    "dateUpdated": "2025-08-27T14:21:02.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9282 (GCVE-0-2020-9282)
Vulnerability from cvelistv5
Published
2020-03-09 13:42
Modified
2024-08-04 10:26
Severity ?
CWE
  • n/a
Summary
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:26:16.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1863043"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8590"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the \u0027Edit access\u0027 screen when sharing portfolios."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-09T13:42:59",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1863043"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8590"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-9282",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the \u0027Edit access\u0027 screen when sharing portfolios."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1863043",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1863043"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8590",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8590"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-9282",
    "datePublished": "2020-03-09T13:42:59",
    "dateReserved": "2020-02-19T00:00:00",
    "dateUpdated": "2024-08-04T10:26:16.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2170 (GCVE-0-2009-2170)
Vulnerability from cvelistv5
Published
2009-06-23 16:00
Modified
2024-09-16 19:40
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:44:55.021Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mahara.org/interaction/forum/topic.php?id=752"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-06-23T16:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mahara.org/interaction/forum/topic.php?id=752"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2170",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mahara.org/interaction/forum/topic.php?id=752",
              "refsource": "CONFIRM",
              "url": "http://mahara.org/interaction/forum/topic.php?id=752"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2170",
    "datePublished": "2009-06-23T16:00:00Z",
    "dateReserved": "2009-06-23T00:00:00Z",
    "dateUpdated": "2024-09-16T19:40:19.814Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000132 (GCVE-0-2017-1000132)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1190788"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1190788"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.345301",
          "ID": "CVE-2017-1000132",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to download the file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1190788",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1190788"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000132",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-11196 (GCVE-0-2018-11196)
Vulnerability from cvelistv5
Published
2018-06-01 19:00
Modified
2024-08-05 08:01
Severity ?
CWE
  • n/a
Summary
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:01:52.145Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8270"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/bugs/1770535"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-05-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-01T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8270"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/bugs/1770535"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-11196",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara. In contrast to other ZIP files that are uploaded, ClamAV (when activated) does not check Leap2A archives for viruses, allowing malicious files to be available for download. While files cannot be executed on Mahara itself, Mahara can be used to transfer such files to user computers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8270",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8270"
            },
            {
              "name": "https://bugs.launchpad.net/bugs/1770535",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/bugs/1770535"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-11196",
    "datePublished": "2018-06-01T19:00:00",
    "dateReserved": "2018-05-16T00:00:00",
    "dateUpdated": "2024-08-05T08:01:52.145Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35203 (GCVE-0-2024-35203)
Vulnerability from cvelistv5
Published
2025-08-26 00:00
Modified
2025-08-27 14:00
CWE
  • n/a
Summary
Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35203",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-27T14:00:04.869268Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T14:00:55.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T20:29:08.368Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://git.mahara.org/catalyst-security/mahara-security/-/merge_requests/6"
        },
        {
          "url": "https://mahara.org/interaction/forum/topic.php?id=9519"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-35203",
    "datePublished": "2025-08-26T00:00:00.000Z",
    "dateReserved": "2024-05-12T00:00:00.000Z",
    "dateUpdated": "2025-08-27T14:00:55.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-43265 (GCVE-0-2021-43265)
Vulnerability from cvelistv5
Published
2021-11-02 21:55
Modified
2024-08-04 03:55
Severity ?
CWE
  • n/a
Summary
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:55:28.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1944633"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8953"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-08T11:08:07",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1944633"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8953"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-43265",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1944633",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1944633"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8953",
              "refsource": "MISC",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8953"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-43265",
    "datePublished": "2021-11-02T21:55:08",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-08-04T03:55:28.279Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-17455 (GCVE-0-2017-17455)
Vulnerability from cvelistv5
Published
2018-02-20 22:00
Modified
2024-08-05 20:51
Severity ?
CWE
  • n/a
Summary
Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:51:31.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8150"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1734767"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://reviews.mahara.org/#/c/8312/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-20T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8150"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1734767"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://reviews.mahara.org/#/c/8312/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-17455",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8150",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8150"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1734767",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1734767"
            },
            {
              "name": "https://reviews.mahara.org/#/c/8312/",
              "refsource": "CONFIRM",
              "url": "https://reviews.mahara.org/#/c/8312/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-17455",
    "datePublished": "2018-02-20T22:00:00",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-08-05T20:51:31.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-28892 (GCVE-0-2022-28892)
Vulnerability from cvelistv5
Published
2022-04-28 00:00
Modified
2024-08-03 06:10
Severity ?
CWE
  • n/a
Summary
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:10:56.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1930171"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=9094"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-17T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.launchpad.net/mahara/+bug/1930171"
        },
        {
          "url": "https://mahara.org/interaction/forum/topic.php?id=9094"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28892",
    "datePublished": "2022-04-28T00:00:00",
    "dateReserved": "2022-04-11T00:00:00",
    "dateUpdated": "2024-08-03T06:10:56.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000135 (GCVE-0-2017-1000135)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.079Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1348024"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1348024"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.347830",
          "ID": "CVE-2017-1000135",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1348024",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1348024"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000135",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000150 (GCVE-0-2017-1000150)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.091Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1567784"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1567784"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.361497",
          "ID": "CVE-2017-1000150",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1567784",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1567784"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000150",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.091Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2243 (GCVE-0-2012-2243)
Vulnerability from cvelistv5
Published
2012-11-24 20:00
Modified
2024-08-06 19:26
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script. NOTE: this can be leveraged with CVE-2012-2244 to execute arbitrary code without authentication, as demonstrated by modifying the clamav path.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.992Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=4937"
          },
          {
            "name": "DSA-2591",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2591"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1055232"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script.  NOTE: this can be leveraged with CVE-2012-2244 to execute arbitrary code without authentication, as demonstrated by modifying the clamav path."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-08T10:00:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=4937"
        },
        {
          "name": "DSA-2591",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2591"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1055232"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2012-2243",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script.  NOTE: this can be leveraged with CVE-2012-2244 to execute arbitrary code without authentication, as demonstrated by modifying the clamav path."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=4937",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=4937"
            },
            {
              "name": "DSA-2591",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2591"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1055232",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1055232"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2012-2243",
    "datePublished": "2012-11-24T20:00:00",
    "dateReserved": "2012-04-16T00:00:00",
    "dateUpdated": "2024-08-06T19:26:08.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-0664 (GCVE-0-2009-0664)
Vulnerability from cvelistv5
Published
2009-04-23 17:00
Modified
2024-08-07 04:40
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view.
References
http://mahara.org/interaction/forum/topic.php?id=532 (x_refsource_CONFIRM)
http://www.debian.org/security/2009/dsa-1778 (vendor-advisory, x_refsource_DEBIAN)
http://osvdb.org/53891 (vdb-entry, x_refsource_OSVDB)
http://secunia.com/advisories/34789 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/34677 (vdb-entry, x_refsource_BID)
http://osvdb.org/53892 (vdb-entry, x_refsource_OSVDB)
http://secunia.com/advisories/34871 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:40:05.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mahara.org/interaction/forum/topic.php?id=532"
          },
          {
            "name": "DSA-1778",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1778"
          },
          {
            "name": "53891",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/53891"
          },
          {
            "name": "34789",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34789"
          },
          {
            "name": "34677",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34677"
          },
          {
            "name": "53892",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/53892"
          },
          {
            "name": "34871",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34871"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-04-28T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mahara.org/interaction/forum/topic.php?id=532"
        },
        {
          "name": "DSA-1778",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1778"
        },
        {
          "name": "53891",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/53891"
        },
        {
          "name": "34789",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34789"
        },
        {
          "name": "34677",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34677"
        },
        {
          "name": "53892",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/53892"
        },
        {
          "name": "34871",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34871"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0664",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mahara.org/interaction/forum/topic.php?id=532",
              "refsource": "CONFIRM",
              "url": "http://mahara.org/interaction/forum/topic.php?id=532"
            },
            {
              "name": "DSA-1778",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1778"
            },
            {
              "name": "53891",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/53891"
            },
            {
              "name": "34789",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34789"
            },
            {
              "name": "34677",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34677"
            },
            {
              "name": "53892",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/53892"
            },
            {
              "name": "34871",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34871"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0664",
    "datePublished": "2009-04-23T17:00:00",
    "dateReserved": "2009-02-22T00:00:00",
    "dateUpdated": "2024-08-07T04:40:05.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0440 (GCVE-0-2011-0440)
Vulnerability from cvelistv5
Published
2011-03-28 16:00
Modified
2024-08-06 21:51
Severity ?
CWE
  • n/a
Summary
Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:51:09.040Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mahara.org/interaction/forum/topic.php?id=3208"
          },
          {
            "name": "DSA-2206",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2206"
          },
          {
            "name": "47033",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47033"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mahara.org/interaction/forum/topic.php?id=3206"
          },
          {
            "name": "mahara-blogposts-csrf(66326)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66326"
          },
          {
            "name": "43858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43858"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mahara.org/interaction/forum/topic.php?id=3208"
        },
        {
          "name": "DSA-2206",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2206"
        },
        {
          "name": "47033",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47033"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mahara.org/interaction/forum/topic.php?id=3206"
        },
        {
          "name": "mahara-blogposts-csrf(66326)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66326"
        },
        {
          "name": "43858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43858"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-0440",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mahara.org/interaction/forum/topic.php?id=3208",
              "refsource": "CONFIRM",
              "url": "http://mahara.org/interaction/forum/topic.php?id=3208"
            },
            {
              "name": "DSA-2206",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2206"
            },
            {
              "name": "47033",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47033"
            },
            {
              "name": "http://mahara.org/interaction/forum/topic.php?id=3206",
              "refsource": "CONFIRM",
              "url": "http://mahara.org/interaction/forum/topic.php?id=3206"
            },
            {
              "name": "mahara-blogposts-csrf(66326)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66326"
            },
            {
              "name": "43858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43858"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-0440",
    "datePublished": "2011-03-28T16:00:00",
    "dateReserved": "2011-01-12T00:00:00",
    "dateUpdated": "2024-08-06T21:51:09.040Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-9551 (GCVE-0-2017-9551)
Vulnerability from cvelistv5
Published
2017-09-25 16:00
Modified
2024-08-05 17:11
Severity ?
CWE
  • n/a
Summary
Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting a potentially dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the user and administrator and, if accepted, become part of the new user's account.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:11:02.148Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8040"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1697308"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user\u0027s account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-25T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8040"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1697308"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9551",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user\u0027s account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8040",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8040"
            },
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1697308",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1697308"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9551",
    "datePublished": "2017-09-25T16:00:00",
    "dateReserved": "2017-06-11T00:00:00",
    "dateUpdated": "2024-08-05T17:11:02.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000154 (GCVE-0-2017-1000154)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable because some authentication methods that do not use Mahara's built-in login form still allow users to log in even if their institution was expired or suspended.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.053Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1580399"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara\u0027s built-in login form, still allowing users to log in even if their institution was expired or suspended."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1580399"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.365187",
          "ID": "CVE-2017-1000154",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara\u0027s built-in login form, still allowing users to log in even if their institution was expired or suspended."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1580399",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1580399"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000154",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.053Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1668 (GCVE-0-2010-1668)
Vulnerability from cvelistv5
Published
2010-07-06 17:00
Modified
2024-08-07 01:35
Severity ?
CWE
  • n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:52.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
          },
          {
            "name": "mahara-multiple-unspecified-csrf(59994)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59994"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
          },
          {
            "name": "40431",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40431"
          },
          {
            "name": "41319",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/41319"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-07-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
        },
        {
          "name": "mahara-multiple-unspecified-csrf(59994)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59994"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
        },
        {
          "name": "40431",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40431"
        },
        {
          "name": "41319",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/41319"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1668",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://wiki.mahara.org/Release_Notes/1.1.9",
              "refsource": "CONFIRM",
              "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
            },
            {
              "name": "mahara-multiple-unspecified-csrf(59994)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59994"
            },
            {
              "name": "http://wiki.mahara.org/Release_Notes/1.2.5",
              "refsource": "CONFIRM",
              "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
            },
            {
              "name": "http://wiki.mahara.org/Release_Notes/1.0.15",
              "refsource": "CONFIRM",
              "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
            },
            {
              "name": "40431",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40431"
            },
            {
              "name": "41319",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/41319"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1668",
    "datePublished": "2010-07-06T17:00:00",
    "dateReserved": "2010-04-30T00:00:00",
    "dateUpdated": "2024-08-07T01:35:52.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-2351 (GCVE-0-2012-2351)
Vulnerability from cvelistv5
Published
2012-07-12 20:00
Modified
2024-09-16 17:22
Severity ?
CWE
  • n/a
Summary
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:34:23.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/932909"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea"
          },
          {
            "name": "DSA-2467",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2467"
          },
          {
            "name": "[oss-security] 20120511 CVE request: mahara",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/11/9"
          },
          {
            "name": "[oss-security] 20120512 Re: CVE request: mahara",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/12/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the \"Match username attribute to Remote username\" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-07-12T20:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/932909"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea"
        },
        {
          "name": "DSA-2467",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2467"
        },
        {
          "name": "[oss-security] 20120511 CVE request: mahara",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/11/9"
        },
        {
          "name": "[oss-security] 20120512 Re: CVE request: mahara",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/12/4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2351",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the \"Match username attribute to Remote username\" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/932909",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/932909"
            },
            {
              "name": "http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea",
              "refsource": "CONFIRM",
              "url": "http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea"
            },
            {
              "name": "DSA-2467",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2467"
            },
            {
              "name": "[oss-security] 20120511 CVE request: mahara",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/11/9"
            },
            {
              "name": "[oss-security] 20120512 Re: CVE request: mahara",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/12/4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2351",
    "datePublished": "2012-07-12T20:00:00Z",
    "dateReserved": "2012-04-19T00:00:00Z",
    "dateUpdated": "2024-09-16T17:22:53.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000139 (GCVE-0-2017-1000139)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.213Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1397736"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1397736"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.351027",
          "ID": "CVE-2017-1000139",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1397736",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1397736"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000139",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.213Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-40849 (GCVE-0-2021-40849)
Vulnerability from cvelistv5
Published
2021-11-03 10:14
Modified
2024-08-04 02:51
Severity ?
CWE
  • n/a
Summary
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:51:07.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1930469"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8949"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-03T10:14:53",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1930469"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8949"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-40849",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1930469",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1930469"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8949",
              "refsource": "MISC",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8949"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-40849",
    "datePublished": "2021-11-03T10:14:53",
    "dateReserved": "2021-09-10T00:00:00",
    "dateUpdated": "2024-08-04T02:51:07.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29585 (GCVE-0-2022-29585)
Vulnerability from cvelistv5
Published
2022-04-28 15:29
Modified
2024-08-03 06:26
Severity ?
CWE
  • n/a
Summary
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of).
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:26:06.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1922226"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=9093"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-28T15:29:25",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1922226"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=9093"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-29585",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1922226",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1922226"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=9093",
              "refsource": "MISC",
              "url": "https://mahara.org/interaction/forum/topic.php?id=9093"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-29585",
    "datePublished": "2022-04-28T15:29:25",
    "dateReserved": "2022-04-22T00:00:00",
    "dateUpdated": "2024-08-03T06:26:06.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-2479 (GCVE-0-2010-2479)
Vulnerability from cvelistv5
Published
2010-07-06 17:00
Modified
2024-08-07 02:32
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:32:16.846Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "39613",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39613"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://htmlpurifier.org/news/2010/0531-4.1.1-released"
          },
          {
            "name": "41259",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/41259"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
          },
          {
            "name": "40431",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40431"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-07-06T17:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "39613",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39613"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.1.9"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://htmlpurifier.org/news/2010/0531-4.1.1-released"
        },
        {
          "name": "41259",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/41259"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.2.5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.mahara.org/Release_Notes/1.0.15"
        },
        {
          "name": "40431",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40431"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2479",
    "datePublished": "2010-07-06T17:00:00Z",
    "dateReserved": "2010-06-28T00:00:00Z",
    "dateUpdated": "2024-08-07T02:32:16.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39923 (GCVE-0-2024-39923)
Vulnerability from cvelistv5
Published
2025-08-25 00:00
Modified
2025-08-25 20:38
CWE
  • n/a
Summary
An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in person.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39923",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-25T20:37:51.879612Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-25T20:38:16.248Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in person."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-25T13:29:32.589Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://mahara.org/interaction/forum/view.php?id=43"
        },
        {
          "url": "https://mahara.org/interaction/forum/topic.php?id=9546"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-39923",
    "datePublished": "2025-08-25T00:00:00.000Z",
    "dateReserved": "2024-07-03T00:00:00.000Z",
    "dateUpdated": "2025-08-25T20:38:16.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-9387 (GCVE-0-2020-9387)
Vulnerability from cvelistv5
Published
2020-04-30 12:46
Modified
2024-08-04 10:26
Severity ?
CWE
  • n/a
Summary
In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:26:16.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1836984"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=8612"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting \u0027Isolated institutions\u0027 is turned on."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-30T12:46:58",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1836984"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://mahara.org/interaction/forum/topic.php?id=8612"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-9387",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting \u0027Isolated institutions\u0027 is turned on."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1836984",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/mahara/+bug/1836984"
            },
            {
              "name": "https://mahara.org/interaction/forum/topic.php?id=8612",
              "refsource": "CONFIRM",
              "url": "https://mahara.org/interaction/forum/topic.php?id=8612"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-9387",
    "datePublished": "2020-04-30T12:46:59",
    "dateReserved": "2020-02-25T00:00:00",
    "dateUpdated": "2024-08-04T10:26:16.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-44544 (GCVE-0-2022-44544)
Vulnerability from cvelistv5
Published
2022-11-06 00:00
Modified
2025-05-02 18:37
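Severity ? (none given by the CNA; the CISA-ADP container in the record below scores it CVSS 3.1 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CWE
  • n/a (CNA); CWE-250 Execution with Unnecessary Privileges (CISA-ADP)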
Summary
Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:54:03.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1979575"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mahara.org/interaction/forum/topic.php?id=9198"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-44544",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-02T18:37:12.586709Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-250",
                "description": "CWE-250 Execution with Unnecessary Privileges",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-02T18:37:16.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-06T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.launchpad.net/mahara/+bug/1979575"
        },
        {
          "url": "https://mahara.org/interaction/forum/topic.php?id=9198"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-44544",
    "datePublished": "2022-11-06T00:00:00.000Z",
    "dateReserved": "2022-11-01T00:00:00.000Z",
    "dateUpdated": "2025-05-02T18:37:16.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000149 (GCVE-0-2017-1000149)
Vulnerability from cvelistv5
Published
2017-11-03 18:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
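Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open()). A page opened this way keeps a window.opener reference back to the Mahara page that opened it; the general defence is rel="noopener" on such links, alongside upgrading to the fixed versions named here.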
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:07.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/mahara/+bug/1558361"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-08-22T00:00:00",
      "datePublic": "2017-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target=\"_blank\" and window.open())"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T17:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/mahara/+bug/1558361"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-08-22T17:29:33.360630",
          "ID": "CVE-2017-1000149",
          "REQUESTER": "info@mahara.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target=\"_blank\" and window.open())"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/mahara/+bug/1558361",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/mahara/+bug/1558361"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000149",
    "datePublished": "2017-11-03T18:00:00",
    "dateReserved": "2017-11-02T00:00:00",
    "dateUpdated": "2024-08-05T21:53:07.280Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}