|
258661
|
4.3 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.
|
CWE-200
Information Exposure
|
CVE-2017-1000143
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258662
|
6.5 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation.
|
NVD-CWE-noinfo
|
CVE-2017-1000142
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258663
|
5.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to downl…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000140
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258664
|
8.0 |
HIGH
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked a…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-1000139
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258665
|
5.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000138
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258666
|
5.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000137
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258667
|
6.5 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
|
CWE-613
Insufficient Session Expiration
|
CVE-2017-1000136
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258668
|
6.5 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended.
|
CWE-613
Insufficient Session Expiration
|
CVE-2017-1000135
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258669
|
8.1 |
HIGH
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group mem…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000134
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258670
|
7.5 |
HIGH
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of th…
|
CWE-200
Information Exposure
|
CVE-2017-1000133
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
