CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

6.5CVSS6.9AI score0.00122EPSS

Catalyst Mahara User Login Vulnerability

Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara versions 15.04 prior to 15.04.8, 15.10 prior to 15.10.4, and 16.04 prior to 16.04.2, which stems fr...

8.8CVSS7.1AI score0.00505EPSS

Catalyst Mahara PHP Code Execution Vulnerability

5.4CVSS6.2AI score0.00191EPSS

Catalyst Mahara Cross-Site Scripting Vulnerability (CNVD-2017-36188)

Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A cross-site scripting vulnerability exists in Catalyst Mahara versions 1.10 before 1.10.0 and 15.04 before 15.04.0. A remote attacker could exploit t...

8.8CVSS6.7AI score0.00225EPSS

Catalyst Mahara Session Fixation Vulnerability

Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara version 15.04 prior to 15.04.7 and version 15.10 prior to 15.10.3, which stems from a session ID no...

Prion•added 2017/11/03 6:29 p.m.•10 views

Code injection

Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle when using MNet as Mahara did not properly implement one of the MNet SSO API functions...

4CVSS6.5AI score0.00122EPSS

Exploits1References1Affected Software1

NVD•added 2017/11/03 6:29 p.m.•11 views

CVE-2017-1000135

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended...

6.5CVSS6.5AI score0.00122EPSS

NVD•added 2017/11/03 6:29 p.m.•10 views

CVE-2017-1000136

Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change...

6.5CVSS6.5AI score0.00145EPSS

OSV•added 2017/11/03 6:29 p.m.•11 views

CVE-2017-1000142

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation...

6.5CVSS6.8AI score

OSV•added 2017/11/03 6:29 p.m.•8 views

CVE-2017-1000152

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such a...

9.8CVSS6.9AI score

Prion•added 2017/11/03 6:29 p.m.•8 views

Arbitrary file deletion

Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file...

3.5CVSS5.6AI score0.00191EPSS

Exploits1References1Affected Software1

Prion•added 2017/11/03 6:29 p.m.•8 views

Code injection

Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the eventlog table during the user creation process if full event logging was turned on...

3.5CVSS4.8AI score0.00248EPSS

Exploits1References1Affected Software1

Cvelist•added 2017/11/03 6:0 p.m.•12 views

CVE-2017-1000149

Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener target="blank" and window.open...

5.3AI score0.00191EPSS

Cvelist•added 2017/11/03 6:0 p.m.•12 views

CVE-2017-1000137

Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when adding a text block to a page via the keyboard rather than drag and drop...

5.4AI score0.00191EPSS