Mahara

Short Name: mahara
Previous Names: [None Entered]
URL: http://mahara.org
Email: info@mahara.org
Security URL: http://mahara.org/interaction/forum/view.php?id=43
Security Email: security@mahara.org
Knowledge Base: https://wiki.mahara.org
Notes: [No Notes]

Vulnerabilities by Vendor Product

Mahara

1.3.2
OSVDB ID: 69111 Mahara blocktype/groupviews/theme/raw/groupviews.tpl Unspecified Parameter XSS
1.3
OSVDB ID: 72154 Mahara Blog Post Deletion CSRF
1.3.3
OSVDB ID: 72154 Mahara Blog Post Deletion CSRF
1.2.0
OSVDB ID: 72154 Mahara Blog Post Deletion CSRF
1.2.1
OSVDB ID: 72154 Mahara Blog Post Deletion CSRF
1.2.2
OSVDB ID: 72154 Mahara Blog Post Deletion CSRF
1.2.3
OSVDB ID: 72154 Mahara Blog Post Deletion CSRF
1.2.4
OSVDB ID: 72154 Mahara Blog Post Deletion CSRF
1.2.5
OSVDB ID: 72154 Mahara Blog Post Deletion CSRF
1.2.6
OSVDB ID: 72154 Mahara Blog Post Deletion CSRF
1.3.1
OSVDB ID: 72154 Mahara Blog Post Deletion CSRF
1.3.2
OSVDB ID: 72154 Mahara Blog Post Deletion CSRF
1.3
OSVDB ID: 72155 Mahara Pieform Select Box XSS
1.3.3
OSVDB ID: 72155 Mahara Pieform Select Box XSS
1.2.0
OSVDB ID: 72155 Mahara Pieform Select Box XSS
1.2.1
OSVDB ID: 72155 Mahara Pieform Select Box XSS
1.2.2
OSVDB ID: 72155 Mahara Pieform Select Box XSS
1.2.3
OSVDB ID: 72155 Mahara Pieform Select Box XSS
1.2.4
OSVDB ID: 72155 Mahara Pieform Select Box XSS
1.2.5
OSVDB ID: 72155 Mahara Pieform Select Box XSS
1.2.6
OSVDB ID: 72155 Mahara Pieform Select Box XSS
1.3.1
OSVDB ID: 72155 Mahara Pieform Select Box XSS
1.3.2
OSVDB ID: 72155 Mahara Pieform Select Box XSS
1.3.5
OSVDB ID: 73456 Mahara Multiple Script AJAX Call Parsing Information Disclosure
OSVDB ID: 73457 Mahara HTML Email Message XSS
OSVDB ID: 73454 Mahara Multiple Script Access Restriction Bypass
OSVDB ID: 73458 Mahara wwwroot https URL Parsing Credential Disclosure
OSVDB ID: 86223 Mahara XML File Upload XSS
OSVDB ID: 73455 Mahara Admin User Creation CSRF
1.3.5
1.3.5
1.3.5
1.3.5
1.4.0
OSVDB ID: 76917 Mahara External Feed Block Unspecified XSS
OSVDB ID: 76918 Mahara Overly Large Image Handling Remote DoS
OSVDB ID: 76919 Mahara admin/users/addtoinstitution.php User Institution Manipulation CSRF
OSVDB ID: 86224 Mahara clamav Path Manipulation Arbitrary File Execution
OSVDB ID: 86223 Mahara XML File Upload XSS
1.4.0
1.4.0
1.4.0
OSVDB ID: 76920 Mahara Reply to Message Functionality replyto Parameter Remote Private Message Disclosure
1.4.1
OSVDB ID: 84015 Mahara auth/saml Plugin SAML IdP Server Internal Username Spoofing Weakness
OSVDB ID: 86223 Mahara XML File Upload XSS
1.5.1
OSVDB ID: 84428 Mahara Edit Blog Insert/Edit Image XSS
OSVDB ID: 86223 Mahara XML File Upload XSS
1.4.2
OSVDB ID: 84428 Mahara Edit Blog Insert/Edit Image XSS
OSVDB ID: 86223 Mahara XML File Upload XSS
1.4.2
OSVDB ID: 84429 Mahara htdocs/auth/lib.php URI XSS
1.5.1
OSVDB ID: 84429 Mahara htdocs/auth/lib.php URI XSS
1.5.2
OSVDB ID: 86220 Mahara account/delete.php Clickjacking Weakness
OSVDB ID: 86221 Mahara Arbitrary SVG File Upload Arbitrary Code Execution
OSVDB ID: 86223 Mahara XML File Upload XSS
OSVDB ID: 86222 Mahara CSV Upload Header Error Display XSS
1.4.3
OSVDB ID: 86220 Mahara account/delete.php Clickjacking Weakness
OSVDB ID: 86221 Mahara Arbitrary SVG File Upload Arbitrary Code Execution
OSVDB ID: 86223 Mahara XML File Upload XSS
OSVDB ID: 86222 Mahara CSV Upload Header Error Display XSS
1.5.2
1.4.3
1.5.2
1.4.3
1.5.2
1.4.3
1.5.1
1.5.0
OSVDB ID: 86224 Mahara clamav Path Manipulation Arbitrary File Execution
OSVDB ID: 86223 Mahara XML File Upload XSS
1.4.2
1.3.8
OSVDB ID: 86223 Mahara XML File Upload XSS
1.4.1
1.3.7
OSVDB ID: 86223 Mahara XML File Upload XSS
1.4.0
1.3.6
OSVDB ID: 86223 Mahara XML File Upload XSS
1.2.9
OSVDB ID: 86223 Mahara XML File Upload XSS
1.3.5
1.2.8
OSVDB ID: 86223 Mahara XML File Upload XSS
1.3.4
OSVDB ID: 86223 Mahara XML File Upload XSS
1.2.7
OSVDB ID: 86223 Mahara XML File Upload XSS
1.3.3
OSVDB ID: 86223 Mahara XML File Upload XSS
1.2.5
OSVDB ID: 86223 Mahara XML File Upload XSS
1.2.4
OSVDB ID: 86223 Mahara XML File Upload XSS
1.2.3
OSVDB ID: 86223 Mahara XML File Upload XSS
1.2.2
OSVDB ID: 86223 Mahara XML File Upload XSS
1.2.1
OSVDB ID: 86223 Mahara XML File Upload XSS
1.2.0
OSVDB ID: 86224 Mahara clamav Path Manipulation Arbitrary File Execution
OSVDB ID: 86223 Mahara XML File Upload XSS
1.4.0
1.5.0
1.6.0
OSVDB ID: 86224 Mahara clamav Path Manipulation Arbitrary File Execution
1.2.0
1.4.3
OSVDB ID: 87915 Mahara PHP XML Parser XXE Injection Arbitrary File Access
1.5.2
OSVDB ID: 87915 Mahara PHP XML Parser XXE Injection Arbitrary File Access
1.5.6
OSVDB ID: 87924 Mahara group/members.php query Parameter XSS
1.6.1
OSVDB ID: 87924 Mahara group/members.php query Parameter XSS
1.5.7
OSVDB ID: 96238 Flowplayer External Plugin Flash Application Inclusion XSS Weakness
1.6.2
OSVDB ID: 96238 Flowplayer External Plugin Flash Application Inclusion XSS Weakness
1.4.3
OSVDB ID: 92062 Mahara XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
1.5.2
OSVDB ID: 92062 Mahara XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
1.4.4
OSVDB ID: 92063 Mahara Configuration Manipulation CSRF
1.5.3
OSVDB ID: 92063 Mahara Configuration Manipulation CSRF
1.5.7
1.6.2
1.5.11
OSVDB ID: 98183 Mahara Journal Entry Object Attachment Arbitrary Object Disclosure
OSVDB ID: 98181 Mahara /htdocs/lib/web.php HTTP Header XSS
OSVDB ID: 98185 Mahara Export Function Arbitrary Image File Access
OSVDB ID: 98184 Mahara Block ID Spoofing Cross-user Block Manipulation
OSVDB ID: 98182 Mahara Object Embedding Cross-user Private Object Disclosure
1.6.6
OSVDB ID: 98181 Mahara /htdocs/lib/web.php HTTP Header XSS
1.7.2
OSVDB ID: 98181 Mahara /htdocs/lib/web.php HTTP Header XSS
1.5.11
1.6.6
OSVDB ID: 98183 Mahara Journal Entry Object Attachment Arbitrary Object Disclosure
OSVDB ID: 98185 Mahara Export Function Arbitrary Image File Access
OSVDB ID: 98184 Mahara Block ID Spoofing Cross-user Block Manipulation
OSVDB ID: 98182 Mahara Object Embedding Cross-user Private Object Disclosure
1.7.2
OSVDB ID: 98183 Mahara Journal Entry Object Attachment Arbitrary Object Disclosure
OSVDB ID: 98185 Mahara Export Function Arbitrary Image File Access
OSVDB ID: 98184 Mahara Block ID Spoofing Cross-user Block Manipulation
OSVDB ID: 98182 Mahara Object Embedding Cross-user Private Object Disclosure
1.5.11
1.6.6
1.7.2
1.5.11
1.6.6
1.7.2
1.5.11
1.6.6
1.7.2
1.5.8
OSVDB ID: 98787 Mahara lib/form/elements/wysiwyg.php value Parameter Stored XSS
1.6.3
OSVDB ID: 98787 Mahara lib/form/elements/wysiwyg.php value Parameter Stored XSS
1.5.9
OSVDB ID: 98962 Mahara Authenticated RSS Feed Credential Disclosure
1.6.4
OSVDB ID: 98962 Mahara Authenticated RSS Feed Credential Disclosure
1.7.0
OSVDB ID: 98962 Mahara Authenticated RSS Feed Credential Disclosure
1.6
OSVDB ID: 98967 Mahara /artefact/internal/editnote.php Note Title Field Stored XSS
1.5.13
OSVDB ID: 99539 Mahara Group Folder Permission Revocation Handling Access Restriction Bypass
1.6.8
OSVDB ID: 99539 Mahara Group Folder Permission Revocation Handling Access Restriction Bypass
1.7.4
OSVDB ID: 99539 Mahara Group Folder Permission Revocation Handling Access Restriction Bypass
OSVDB ID: 101404 HTML Purifier Quadratic Asymptotics Unspecified Issue
OSVDB ID: 105373 Mahara Password Reset Link Account Suspension Bypass
1.5.12
OSVDB ID: 99539 Mahara Group Folder Permission Revocation Handling Access Restriction Bypass
1.6.7
OSVDB ID: 99539 Mahara Group Folder Permission Revocation Handling Access Restriction Bypass
1.7.3
OSVDB ID: 99539 Mahara Group Folder Permission Revocation Handling Access Restriction Bypass
1.6.8
OSVDB ID: 101404 HTML Purifier Quadratic Asymptotics Unspecified Issue
1.6.9
OSVDB ID: 101404 HTML Purifier Quadratic Asymptotics Unspecified Issue
1.7.5
OSVDB ID: 101404 HTML Purifier Quadratic Asymptotics Unspecified Issue
OSVDB ID: 105373 Mahara Password Reset Link Account Suspension Bypass
1.8.1
OSVDB ID: 101404 HTML Purifier Quadratic Asymptotics Unspecified Issue
OSVDB ID: 105373 Mahara Password Reset Link Account Suspension Bypass
1.8.2
OSVDB ID: 101404 HTML Purifier Quadratic Asymptotics Unspecified Issue
OSVDB ID: 105373 Mahara Password Reset Link Account Suspension Bypass
1.6.9
OSVDB ID: 105373 Mahara Password Reset Link Account Suspension Bypass
1.7.5
1.8.2
1.6.8
OSVDB ID: 105373 Mahara Password Reset Link Account Suspension Bypass
1.7.4
1.8.1



The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2014 Open Sourced Vulnerability Database (OSVDB), All Rights Reserved.