CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 1CVE-2017-1000138
https://notcve.org/view.php?id=CVE-2017-1000138
03 Nov 2017 — Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title. Mahara, en versiones 1.10 anteriores a la 1.10.0 y versiones 15.04 anteriores a la 15.04.0, es vulnerable a un posible Cross-Site Scripting (XSS) cuando se arrastran/sueltan archivos a una colección si el archivo tiene código JavaScript en el título. • https://bugs.launchpad.net/mahara/+bug/1377736 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 21EXPL: 0CVE-2017-1000139
https://notcve.org/view.php?id=CVE-2017-1000139
03 Nov 2017 — Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues. Mahara, en versiones 1.8 anteriores a la 1.8.7, versiones 1.9 anteriores a la 1.9.5, versiones 1.10 anteriores a la 1.10.3 y versiones 15.04 anteriores a la 15.04.0, es vulnerable a ataques de Server-Side Request Forgery debido a que no se ver... • https://bugs.launchpad.net/mahara/+bug/1397736 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 21EXPL: 1CVE-2017-1000140
https://notcve.org/view.php?id=CVE-2017-1000140
03 Nov 2017 — Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file. Mahara, en versiones 1.8 anteriores a la 1.8.7, versiones 1.9 anteriores a la 1.9.5, versiones 1.10 anteriores a la 1.10.3 y versiones 15.04 anteriores a la 15.04.0, es vulnerable a que un archivo .xml creado con fines maliciosos ejecute su código cuando un usuario intenta descargar el archivo. • https://bugs.launchpad.net/mahara/+bug/1404117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 1CVE-2017-1000142
https://notcve.org/view.php?id=CVE-2017-1000142
03 Nov 2017 — Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users being able to delete their submitted page through URL manipulation. Mahara, en versiones 1.8 anteriores a la 1.8.7, versiones 1.9 anteriores a la 1.9.5, versiones 1.10 anteriores a la 1.10.3 y versiones 15.04 anteriores a la 15.04.0, es vulnerable a que los usuarios puedan borrar la página que han enviado mediante la manipulación de URL • https://bugs.launchpad.net/mahara/+bug/1425306 •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0CVE-2017-1000143
https://notcve.org/view.php?id=CVE-2017-1000143
03 Nov 2017 — Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to users receiving watchlist notifications about pages they do not have access to anymore. Mahara, en versiones 1.8 anteriores a la 1.8.7, versiones 1.9 anteriores a la 1.9.5, versiones 1.10 anteriores a la 1.10.3 y versiones 15.04 anteriores a la 15.04.0, es vulnerable a que los usuarios reciban notificaciones de lista de actividades sobre páginas a las que ya no tienen acceso. • https://bugs.launchpad.net/mahara/+bug/1429647 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.8EPSS: 0%CPEs: 15EXPL: 1CVE-2017-1000144
https://notcve.org/view.php?id=CVE-2017-1000144
03 Nov 2017 — Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages. Mahara, en versiones 1.9 anteriores a la 1.9.6, versiones 1.10 anteriores a la 1.10.4 y versiones 15.04 anteriores a la 15.04.1, es vulnerable a que un administrador del sitio o de la institución pueda incluir código HTML y JavaScript e... • https://bugs.launchpad.net/mahara/+bug/1447377 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 18EXPL: 1CVE-2017-1000145
https://notcve.org/view.php?id=CVE-2017-1000145
03 Nov 2017 — Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments. Mahara, en versiones 1.9 anteriores a la 1.9.7, versiones 1.10 anteriores a la 1.10.5 y versiones 15.04 anteriores a la 15.04.2, es vulnerable a que se puedan incluir comentarios anónimos en páginas de detalles de artefactos, incluso cuando el administrador del sitio no permite comenta... • https://bugs.launchpad.net/mahara/+bug/1460368 •
CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 1CVE-2017-1000146
https://notcve.org/view.php?id=CVE-2017-1000146
03 Nov 2017 — Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages. Mahara, en versiones 1.9 anteriores a la 1.9.7, versiones 1.10 anteriores a la 1.10.5 y versiones 15.04 anteriores a la 15.04.2, es vulnerable a la ejecución arbitraria de código JavaScript ... • https://bugs.launchpad.net/mahara/+bug/1472439 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 21EXPL: 1CVE-2017-1000147
https://notcve.org/view.php?id=CVE-2017-1000147
03 Nov 2017 — Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account. Mahara, en versiones 1.9 anteriores a la 1.9.8, versiones 1.10 anteriores a la 1.10.6 y versiones 15.04 anteriores a la 15.04.3, es vulnerable a que se realicen ataques Cross-Site Request For... • https://bugs.launchpad.net/mahara/+bug/1480329 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-1000148
https://notcve.org/view.php?id=CVE-2017-1000148
03 Nov 2017 — Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file. Mahara, en versiones 15.04 anteriores a la 15.04.8, versiones 15.10 anteriores a la 15.10.4 y versiones 16.04 anteriores a la 16.04.2, es vulnerable a la ejecución de código PHP, debido a que Mahara pasaría fragmentos del código XML mediante la función PHP "unserialize()" cu... • https://bugs.launchpad.net/mahara/+bug/1508684 • CWE-502: Deserialization of Untrusted Data •