Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/08/30 6:20 p.m.7 views

CVE-2024-47853

An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability LTI...

8.8CVSS7.3AI score0.00292EPSS
Exploits0References1
NVD
NVD
added 2025/08/26 2:15 p.m.5 views

CVE-2024-47853

An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability LTI...

8.8CVSS0.00292EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/26 12:0 a.m.1 views

CVE-2024-47853

An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability LTI...

6.8AI score0.00292EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.5 views

PT-2025-34769 · Mahara · Mahara

Name of the Vulnerable Software and Affected Versions: Mahara versions 23.04.8 and 24.04.4 Description: The external RSS feed block in Mahara can allow for cross-site scripting XSS if the external feed XML contains a malicious value for the link attribute. Recommendations: Update Mahara to a...

6.1CVSS5.7AI score0.00188EPSS
Exploits0References6
CVE
CVE
added 2025/08/26 12:0 a.m.18 views

CVE-2024-47192

The CVE affects Mahara versions 23.04.8 and 24.04.4, where a malicious export download URL can allow an attacker to download files without proper authorization. The underlying cause is exposed via an insecure export URL mechanism (import/export workflow) that does not enforce access checks for do...

5.3CVSS6.5AI score0.0015EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.4 views

Mahara 安全漏洞

Mahara is a free and open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions 23.04.8 and 24.04.4 that stems from a learning tool interoperability login that could result in elevated privileges...

8.8CVSS6.7AI score0.00292EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.6 views

PT-2025-34813 · Mahara · Mahara

Name of the Vulnerable Software and Affected Versions: Mahara versions 23.04.8 and 24.04.4 Description: An issue allows an attacker to download files without proper authorization by using a malicious export download URL. Recommendations: Update to a newer version that contains a fix for this issu...

5.3CVSS7.2AI score0.0015EPSS
Exploits0References6
CVE
CVE
added 2025/08/26 12:0 a.m.14 views

CVE-2024-45753

Affected software: Mahara 23.04.8 and 24.04.4. Vulnerability: In the external RSS feed block, an external feed XML containing a malicious value for the link attribute can cause a cross-site scripting (XSS) attack. Impact (as described): Cross-site scripting due to unsafe link values in RSS feed i...

6.1CVSS6.3AI score0.00188EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/08/26 12:0 a.m.19 views

CVE-2024-47853

CVE-2024-47853 affects Mahara versions 23.04.8 and 24.04.4. The issue enables privilege escalation in certain cases during login when using Learning Tools Interoperability (LTI). CVSS 3.1 indicates high impact across confidentiality, integrity, and availability with network attack vector and low ...

8.8CVSS7.5AI score0.00292EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder