Search CVE reports


Toggle filters

31 – 40 of 51 results


CVE-2011-1405

Low priority
Fixed

Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and...

1 affected package

mahara

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mahara
Show less packages

CVE-2011-1404

Medium priority
Fixed

Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php,...

1 affected package

mahara

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mahara
Show less packages

CVE-2011-1403

Medium priority
Fixed

Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate...

1 affected package

mahara

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mahara
Show less packages

CVE-2011-1402

Medium priority
Fixed

Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read...

1 affected package

mahara

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mahara
Show less packages

CVE-2011-0440

Medium priority

Some fixes available 2 of 3

Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs.

1 affected package

mahara

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mahara
Show less packages

CVE-2011-0439

Medium priority

Some fixes available 2 of 3

Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box.

1 affected package

mahara

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mahara
Show less packages

CVE-2010-3871

Medium priority
Not affected

Cross-site scripting (XSS) vulnerability in blocktype/groupviews/theme/raw/groupviews.tpl in Mahara before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details...

1 affected package

mahara

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mahara
Show less packages

CVE-2010-2479

Medium priority
Fixed

Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2 affected packages

mahara, php-htmlpurifier

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mahara
php-htmlpurifier
Show less packages

CVE-2010-1670

Medium priority
Fixed

Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has improper configuration options for authentication plugins associated with logins that use the single sign-on (SSO) functionality, which allows remote attackers...

1 affected package

mahara

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mahara
Show less packages

CVE-2010-1669

Medium priority
Fixed

SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

1 affected package

mahara

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mahara
Show less packages