VYPR

Mahara

by Mahara (software)

Source repositories

CVEs (110)

  • CVE-2010-1667Jul 6, 2010
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-0400Apr 7, 2010
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username.

  • CVE-2009-3299Nov 3, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-3298Nov 3, 2009
    risk 0.00cvss epss 0.02

    Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote authenticated institution administrators to reset a site administrator password via unspecified vectors.

  • CVE-2009-2171Jun 23, 2009
    risk 0.00cvss epss 0.01

    Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact.

  • CVE-2009-2170Jun 23, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2009-0664Apr 23, 2009
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view.

  • CVE-2009-0660Mar 11, 2009
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.

  • CVE-2009-0487Feb 9, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post.

  • CVE-2008-0381Jan 22, 2008
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files.

Page 6 of 6