CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1426
https://notcve.org/view.php?id=CVE-2013-1426
Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor. Un ataque de tipo Cross-site Scripting (XSS) en Mahara versiones anteriores a 1.5.9 y versiones 1.6.x anteriores a 1.6.4, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del editor TinyMCE. • https://bugs.launchpad.net/mahara/+bug/1153423 https://mahara.org/interaction/forum/topic.php?id=5365 https://security-tracker.debian.org/tracker/CVE-2013-1426 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000141
https://notcve.org/view.php?id=CVE-2017-1000141
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address. Se ha descubierto un problema en versiones anteriores a la 18.10.0 de Mahara. Manejaba de manera incorrecta las peticiones de los usuarios que podían interrumpir la capacidad de un usuario de mantener su propia cuenta (cambiar el nombre de usuario, cambiar la dirección de correo electrónico principal, eliminar la cuenta). • https://bugs.launchpad.net/mahara/+bug/1422492 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2013-4430
https://notcve.org/view.php?id=CVE-2013-4430
Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php. Vulnerabilidad de XSS en Mahara anterior a 1.5.12, 1.6.x anterior a 1.6.7 y 1.7.x anterior a 1.7.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera Host hacia lib/web.php. • http://www.openwall.com/lists/oss-security/2013/10/08/3 http://www.openwall.com/lists/oss-security/2013/10/15/1 http://www.openwall.com/lists/oss-security/2013/10/16/7 https://bugs.launchpad.net/mahara/+bug/1175446 https://mahara.org/interaction/forum/topic.php?id=5754 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2013-4431
https://notcve.org/view.php?id=CVE-2013-4431
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request. Mahara anterior a 1.5.12, 1.6.x anterior a 1.6.7 y 1.7.x anterior a 1.7.3 no previene debidamente acceso a bloques, lo que permite a usuarios remotos autenticados modificar bloques arbitrarios a través del bock id en una solicitud de editar. • http://www.openwall.com/lists/oss-security/2013/10/08/3 http://www.openwall.com/lists/oss-security/2013/10/15/1 http://www.openwall.com/lists/oss-security/2013/10/16/7 https://bugs.launchpad.net/mahara/+bug/1233500 https://mahara.org/interaction/forum/topic.php?id=5753 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 24EXPL: 0CVE-2013-4429
https://notcve.org/view.php?id=CVE-2013-4429
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block. Mahara anterior a 1.5.12, 1.6.x anterior a 1.6.7 y 1.7.x anterior a 1.7.3 no restringe debidamente acceso a artefactos, lo que permite a usuarios remotos autenticados leer artefactos arbitrarios a través del (1) id del artefacto en una acción de subida cuando crea un diario o (2) parámetro instconf_artefactid_selected[ID] en una acción de subida cuando edita un bloque. • http://www.openwall.com/lists/oss-security/2013/10/08/3 http://www.openwall.com/lists/oss-security/2013/10/15/1 http://www.openwall.com/lists/oss-security/2013/10/16/7 https://bugs.launchpad.net/mahara/+bug/1211758 https://mahara.org/interaction/forum/topic.php?id=5753 • CWE-264: Permissions, Privileges, and Access Controls •