|
258651
|
9.8 |
CRITICAL
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000153
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258652
|
9.8 |
CRITICAL
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation…
|
NVD-CWE-noinfo
|
CVE-2017-1000152
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258653
|
7.5 |
HIGH
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.
|
CWE-200
Information Exposure
|
CVE-2017-1000151
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258654
|
8.8 |
HIGH
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation …
|
CWE-384
Session Fixation
|
CVE-2017-1000150
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258655
|
5.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open())
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000149
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258656
|
8.8 |
HIGH
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function wh…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-1000148
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258657
|
6.8 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. …
|
CWE-352
Origin Validation Error
|
CVE-2017-1000147
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258658
|
5.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio p…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000146
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258659
|
4.9 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disa…
|
NVD-CWE-noinfo
|
CVE-2017-1000145
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258660
|
4.8 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, w…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000144
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
