Mahara

Mahara

108 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2013-4430

  • EPSS 0.33%
  • Published 19.05.2014 14:55:08
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php.

5.5

CVE-2013-4431

  • EPSS 0.62%
  • Published 19.05.2014 14:55:08
  • Last modified 12.04.2025 10:46:40

Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request.

4

CVE-2013-4432

  • EPSS 0.19%
  • Published 19.05.2014 14:55:08
  • Last modified 12.04.2025 10:46:40

Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were rem...

4.3

CVE-2012-6037

  • EPSS 0.3%
  • Published 24.11.2012 20:55:04
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2, allow remote attackers to inject arbitrary web script or HTML via a CSV header with "unknown fields," which are...

9.1

CVE-2012-2239

  • EPSS 0.35%
  • Published 24.11.2012 20:55:02
  • Last modified 11.04.2025 00:51:21

Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php.

4.3

CVE-2012-2243

  • EPSS 0.63%
  • Published 24.11.2012 20:55:02
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script. NOTE: ...

6

CVE-2012-2244

  • EPSS 0.35%
  • Published 24.11.2012 20:55:02
  • Last modified 11.04.2025 00:51:21

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authenticated administrators to execute arbitrary programs by modifying the path to clamav. NOTE: this can be exploited without authentication by leveraging CVE-2012-2243.

6.8

CVE-2012-2246

  • EPSS 0.29%
  • Published 24.11.2012 20:55:02
  • Last modified 11.04.2025 00:51:21

Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php.

4.3

CVE-2012-2247

  • EPSS 0.3%
  • Published 24.11.2012 20:55:02
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file.

4.3

CVE-2012-2253

  • EPSS 0.26%
  • Published 24.11.2012 20:55:02
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in group/members.php in Mahara 1.5.x before 1.5.7 and 1.6.x before 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter.