Mahara 20.10.3

CPE Details

Mahara 20.10.3
mahara
mahara
20.10.3
2021-11-03
14h37 +00:00
2021-11-16
18h27 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:mahara:mahara:20.10.3:*:*:*:*:*:*:*

Informations

Vendor

mahara

Product

mahara

Version

20.10.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-29585 2022-04-28 13h29 +00:00 In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of).
7.5
High
CVE-2022-29584 2022-04-28 13h26 +00:00 Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.
5.4
Medium
CVE-2022-28892 2022-04-27 22h00 +00:00 Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.
8.8
High
CVE-2022-24694 2022-02-09 03h31 +00:00 In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)
4.3
Medium
CVE-2021-43266 2021-11-02 20h54 +00:00 In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution
7.3
High