|
264651
|
5.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio p…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000146
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264652
|
4.9 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disa…
|
NVD-CWE-noinfo
|
CVE-2017-1000145
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264653
|
4.8 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, w…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000144
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264654
|
4.3 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore.
|
CWE-200
Information Exposure
|
CVE-2017-1000143
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264655
|
6.5 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation.
|
NVD-CWE-noinfo
|
CVE-2017-1000142
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264656
|
5.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to downl…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000140
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264657
|
8.0 |
HIGH
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked a…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-1000139
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264658
|
5.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000138
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264659
|
5.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard (rather than drag and drop).
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000137
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264660
|
6.5 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change.
|
CWE-613
Insufficient Session Expiration
|
CVE-2017-1000136
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
