|
257681
|
5.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000137
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257682
|
6.5 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
|
CWE-613
Insufficient Session Expiration
|
CVE-2017-1000136
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257683
|
6.5 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
|
CWE-613
Insufficient Session Expiration
|
CVE-2017-1000135
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257684
|
8.1 |
HIGH
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group mem…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000134
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257685
|
7.5 |
HIGH
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of th…
|
CWE-200
Information Exposure
|
CVE-2017-1000133
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257686
|
4.8 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf files that can have its code executed when a user tries to do…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000132
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257687
|
6.5 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when usi…
|
CWE-613
Insufficient Session Expiration
|
CVE-2017-1000131
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257688
|
5.3 |
MEDIUM
Network
|
webkitgtk
|
webkitgtk\+
|
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release…
|
CWE-20
Improper Input Validation
|
CVE-2017-1000122
|
2024-11-21 12:04 |
2017-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257689
|
9.8 |
CRITICAL
Network
|
webkitgtk
|
webkitgtk\+
|
The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subse…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-1000121
|
2024-11-21 12:04 |
2017-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257690
|
5.4 |
MEDIUM
Network
|
pluxml
|
pluxml
|
PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1001001
|
2024-11-21 12:04 |
2017-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
