Lucene search

14 matches found

RedhatCVE
added 2026/01/09 9:32 a.m. · 4 views

CVE-2024-39923

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting XSS due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...

6.1 CVSS · 6.3 AI score · 0.00229 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/11/07 1:46 p.m. · 3 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

7.1 CVSS · 6.4 AI score · 0.00282 EPSS
Exploits: 1 · References: 1

NVD
added 2025/11/06 5:15 p.m. · 3 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

7.1 CVSS · 0.00282 EPSS
Exploits: 1 · References: 2

OSV
added 2025/11/06 5:15 p.m. · 3 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

7.1 CVSS · 6.2 AI score · 0.00282 EPSS
Exploits: 1 · References: 2

Cvelist
added 2025/11/06 12:0 a.m. · 6 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

0.00282 EPSS
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-54911

Malicious code in bioql PyPI...

6.1 CVSS · 6.6 AI score · 0.00229 EPSS
Exploits: 0 · References: 2

OSV
added 2025/08/25 2:15 p.m. · 3 views

CVE-2024-39923

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting XSS due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...

6.1 CVSS · 5.7 AI score · 0.00229 EPSS
Exploits: 0 · References: 2

NVD
added 2025/08/25 2:15 p.m. · 2 views

CVE-2024-39923

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting XSS due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...

6.1 CVSS · 0.00229 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/25 12:0 a.m. · 3 views

PT-2025-34609 · Mahara · Mahara

Name of the Vulnerable Software and Affected Versions: Mahara versions 23.04 through 23.04.7 Mahara versions 24.04 through 24.04.2 Description: An issue exists in Mahara where the About, Contact, and Help footer links are susceptible to Cross Site Scripting XSS due to insufficient input...

6.1 CVSS · 5.6 AI score · 0.00229 EPSS
Exploits: 0 · References: 4

CNNVD
added 2025/08/25 12:0 a.m. · 1 views

Mahara security vulnerability

Mahara is a free and open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions prior to 24.04.2 and prior to 23.04.7, which stems from an uncleaned About, Contact, and Help footer link values that could lead to a cross-site scripting attack...

6.1 CVSS · 6 AI score · 0.00229 EPSS
Exploits: 0 · References: 3

Cvelist
added 2025/08/25 12:0 a.m. · 5 views

CVE-2024-39923

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting XSS due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...

0.00229 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2025/08/25 12:0 a.m. · 3 views

CVE-2024-39923

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting XSS due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in...

6.2 AI score · 0.00229 EPSS
Exploits: 0 · References: 2

CVE
added 2025/08/25 12:0 a.m. · 13 views

CVE-2024-39923

CVE-2024-39923 affects Mahara, specifically versions Mahara 23.04 before 23.04.7 and 24.04 before 24.04.2. The issue stems from the About, Contact, and Help footer links not being sanitised, allowing cross-site scripting (XSS). The links are configurable by an administrator but are clickable by a...

6.1 CVSS · 6.2 AI score · 0.00229 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2020/12/21 12:0 a.m. · 2 views

PT-2020-17373 · Mediawiki +2 · Pushtowatch Extension +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.1 PushToWatch extension for MediaWiki versions through 1.35.1 Description: An issue was discovered in the PushToWatch extension for MediaWiki. The primary form did not implement an anti-CSRF token, making it...

9.8 CVSS · 6.2 AI score · 0.03832 EPSS
Exploits: 18 · References: 75