24 matches found
EUVD-2009-3280
Malware in sbrugna...
EUVD-2010-1690
Malware in sbrugna...
EUVD-2020-30207
Malware in sbrugna...
EUVD-2020-30208
Malware in sbrugna...
EUVD-2010-1688
Malware in sbrugna...
EUVD-2017-5673
Malware in sbrugna...
EUVD-2017-18482
Malware in sbrugna...
EUVD-2011-1413
Malware in sbrugna...
EUVD-2022-36950
Malicious code in bioql PyPI...
EUVD-2022-45773
Malicious code in bioql PyPI...
EUVD-2022-47486
Malicious code in bioql PyPI...
EUVD-2022-29023
Malicious code in bioql PyPI...
CVE-2012-2351
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username...
CVE-2022-44544
Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript...
CVE-2021-40848
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters that a spreadsheet program could interpret as a command, leading to execution of a malicious string locally on a device, aka CSV injection...
CVE-2012-2237
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display nam...
CVE-2018-11195
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara...
CVE-2017-1000156
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role...
CVE-2017-1000146
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link o...
CVE-2017-1000152
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such a...