Mahara 1.9.6

CPE Details

Mahara 1.9.6
mahara
mahara
1.9.6
2018-05-17
11h01 +00:00
2018-05-17
11h01 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:mahara:mahara:1.9.6:*:*:*:*:*:*:*

Informations

Vendor

mahara

Product

mahara

Version

1.9.6

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-29585 2022-04-28 13h29 +00:00 In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of).
7.5
Haute
CVE-2022-29584 2022-04-28 13h26 +00:00 Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.
5.4
Moyen
CVE-2022-28892 2022-04-27 22h00 +00:00 Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.
8.8
Haute
CVE-2021-40849 2021-11-03 09h14 +00:00 In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges.
9.8
Critique
CVE-2021-40848 2021-11-03 09h11 +00:00 In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection.
7.8
Haute
CVE-2017-1000141 2018-01-30 18h00 +00:00 An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address.
6.5
Moyen
CVE-2017-1000145 2017-11-03 17h00 +00:00 Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments.
4.9
Moyen
CVE-2017-1000146 2017-11-03 17h00 +00:00 Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages.
5.4
Moyen
CVE-2017-1000147 2017-11-03 17h00 +00:00 Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.
6.8
Moyen