2 matches found
CVE-2025-32320
In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-47799
Mahara is affected by an information-disclosure vulnerability in the HTML bulk export feature, where exported files may leak images from other accounts because the per-account cache is not cleared. Affected: Mahara < 22.10.4 and Mahara 23.x