Mahara@15.04.8 Security Vulnerabilities and Issues — Mahara@15.04.8 CVE List

Lucene search

MaharaMahara15.04.8

8 matches found

CVE•added 2017/11/03 6:29 p.m.•44 views

CVE-2017-1000153

Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain acces...

9.8CVSS9.6AI score0.00383EPSS

CVE•added 2017/10/31 6:29 p.m.•43 views

CVE-2017-14163

An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust...

8.8CVSS8.6AI score0.00225EPSS

CVE•added 2017/11/03 6:29 p.m.•42 views

CVE-2017-1000156

Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role.

6.5CVSS6.4AI score0.00254EPSS

CVE•added 2017/11/03 6:29 p.m.•41 views

CVE-2017-1000151

Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.

7.5CVSS7.3AI score0.00251EPSS

CVE•added 2017/10/31 6:29 p.m.•40 views

CVE-2017-15273

Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.

5.4CVSS5.2AI score0.00333EPSS

CVE•added 2017/10/31 6:29 p.m.•39 views

CVE-2017-14752

5.4CVSS5.6AI score0.00296EPSS

CVE•added 2017/11/03 6:29 p.m.•37 views

CVE-2017-1000157

Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on.

4.4CVSS4.7AI score0.00248EPSS

CVE•added 2017/09/25 4:29 p.m.•31 views

CVE-2017-9551

Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administra...

6.1CVSS5.9AI score0.0028EPSS