CVSS: 4.4EPSS: 0%CPEs: 34EXPL: 1CVE-2017-1000157
https://notcve.org/view.php?id=CVE-2017-1000157
03 Nov 2017 — Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creation process if full event logging was turned on. Mahara, en versiones 15.04 anteriores a la 15.04.13, versiones 16.04 anteriores a la 16.04.7, versiones 16.10 anteriores a la 16.10.4 y versiones 17.04 anteriores a la 17.04.2 es vulnerable a que se guarden contraseñas en texto plano en la tabla event_log durante el... • https://bugs.launchpad.net/mahara/+bug/1692749 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 1CVE-2017-1000136
https://notcve.org/view.php?id=CVE-2017-1000136
03 Nov 2017 — Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change. Mahara, en versiones 1.8 anteriores a la 1.8.6, versiones 1.9 anteriores a la 1.9.4, versiones 1.10 anteriores a la 1.10.1 y versiones 15.04 anteriores a la 15.04.0, es vulnerable a que no se invaliden las sesiones antiguas después de un cambio de contraseña. • https://bugs.launchpad.net/mahara/+bug/1363873 • CWE-613: Insufficient Session Expiration •
CVSS: 5.4EPSS: 0%CPEs: 42EXPL: 0CVE-2017-15273
https://notcve.org/view.php?id=CVE-2017-15273
31 Oct 2017 — Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts. Mahara, en versiones 15.04 anteriores a la 15.04.15, versiones 16.04 anteriores a la 16.04.9, versiones 16.10 anteriores a la 16.10.6 y versiones 17.04 anteriores a la 17.04.4, es vulnerable a que un usuario envíe un payload potencialmente peligroso (como código XSS) para que se guard... • https://bugs.launchpad.net/mahara/+bug/1719472 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 38EXPL: 0CVE-2017-14163
https://notcve.org/view.php?id=CVE-2017-14163
31 Oct 2017 — An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open a browser, visit the Mahara site, and adjust the 'mahara' cookie to the old value, they can get access to the user's account. Se ha descubierto un problema en Mahara, en versiones anteriores a la 15.04.14, versiones 16.x anteriores a la 16.04.8, versiones 1... • https://bugs.launchpad.net/mahara/+bug/1701978 • CWE-384: Session Fixation •
CVSS: 5.4EPSS: 0%CPEs: 42EXPL: 0CVE-2017-14752
https://notcve.org/view.php?id=CVE-2017-14752
31 Oct 2017 — Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara. Mahara, en versiones 15.04 anteriores a la 15.04.15, versiones 16.04 anteriores a la 16.04.9, versiones 16.10 anterio... • https://bugs.launchpad.net/mahara/+bug/1719491 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 38EXPL: 0CVE-2017-9551
https://notcve.org/view.php?id=CVE-2017-9551
25 Sep 2017 — Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as their name in the usr_registration table. The values are then emailed to the the user and administrator and if accepted become part of the new user's account. Mahara en versiones 15.04 anteriores a la 15.04.14, 16.04 anteriores a la 16.04.8, 16.10 anteriores a la 16.10.5, 17.04 anteriores a la 17.04.3 es vulnera... • https://bugs.launchpad.net/mahara/+bug/1697308 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 24EXPL: 0CVE-2013-4429
https://notcve.org/view.php?id=CVE-2013-4429
19 May 2014 — Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block. Mahara anterior a 1.5.12, 1.6.x anterior a 1.6.7 y 1.7.x anterior a 1.7.3 no restringe debidamente acceso a artefactos, lo que permite a usuarios remotos autenticados leer... • http://www.openwall.com/lists/oss-security/2013/10/08/3 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2013-4430
https://notcve.org/view.php?id=CVE-2013-4430
19 May 2014 — Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php. Vulnerabilidad de XSS en Mahara anterior a 1.5.12, 1.6.x anterior a 1.6.7 y 1.7.x anterior a 1.7.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera Host hacia lib/web.php. • http://www.openwall.com/lists/oss-security/2013/10/08/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2013-4431
https://notcve.org/view.php?id=CVE-2013-4431
19 May 2014 — Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request. Mahara anterior a 1.5.12, 1.6.x anterior a 1.6.7 y 1.7.x anterior a 1.7.3 no previene debidamente acceso a bloques, lo que permite a usuarios remotos autenticados modificar bloques arbitrarios a través del bock id en una solicitud de editar. • http://www.openwall.com/lists/oss-security/2013/10/08/3 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2013-4432
https://notcve.org/view.php?id=CVE-2013-4432
19 May 2014 — Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php. Mahara anterior a 1.5.13, 1.6.x anterior a 1.6.8 y 1.7.x anterior a 1.7.4 no restringe debidamente acceso a carpetas, lo que permite a usuarios remotos autenticados leer carpetas arbitrarias (... • http://www.openwall.com/lists/oss-security/2013/10/08/3 • CWE-264: Permissions, Privileges, and Access Controls •