CVE-2024-47853
An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI)...
PT-2025-34769 · Mahara · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions 23.04.8 and 24.04.4. Description: The external RSS feed block in Mahara can allow for cross-site scripting (XSS) if the external feed XML contains a malicious value for the link attribute. Recommendations: Update Mahara to a...
CVE-2024-47192
The CVE affects Mahara versions 23.04.8 and 24.04.4, where a malicious export download URL can allow an attacker to download files without proper authorization. The underlying cause is exposed via an insecure export URL mechanism (import/export workflow) that does not enforce access checks for do...
Mahara Security Vulnerability
Mahara is a free and open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions 23.04.8 and 24.04.4 that stems from a learning tool interoperability login that could result in elevated privileges...
PT-2025-34813 · Mahara · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions 23.04.8 and 24.04.4 Description: An issue allows an attacker to download files without proper authorization by using a malicious export download URL. Recommendations: Update to a newer version that contains a fix for this issu...
CVE-2024-45753
Affected software: Mahara 23.04.8 and 24.04.4. Vulnerability: In the external RSS feed block, an external feed XML containing a malicious value for the link attribute can cause a cross-site scripting (XSS) attack. Impact (as described): Cross-site scripting due to unsafe link values in RSS feed i...
CVE-2024-47853
CVE-2024-47853 affects Mahara versions 23.04.8 and 24.04.4. The issue enables privilege escalation in certain cases during login when using Learning Tools Interoperability (LTI). CVSS 3.1 indicates high impact across confidentiality, integrity, and availability with network attack vector and low ...