Page 4 of 33 results (0.010 seconds)

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2009-2171

https://notcve.org/view.php?id=CVE-2009-2171

23 Jun 2009 — Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact. Mahara v1.1 antes de v1.1.5 no realiza comprobaciones de permisos al guardar una vista que contiene objetos, lo que permite a los usuarios remotos autenticados leer el objeto de otro usuario. • http://mahara.org/interaction/forum/topic.php?id=753 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0

CVE-2009-0664

https://notcve.org/view.php?id=CVE-2009-0664

23 Apr 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Mahara la v1.0.x anteriores a v1.0.11 y la v1.1.x anteriores a v1.1.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria a travé... • http://mahara.org/interaction/forum/topic.php?id=532 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 1

CVE-2009-0660

https://notcve.org/view.php?id=CVE-2009-0660

11 Mar 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Mahara v1.0 anterior a v1.0.10 y v1.1 anterior a v1.1.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) profile y (2) blog... • http://mahara.org/interaction/forum/topic.php?id=350 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •