Portfolios for your learning community

Try out Mahara

Continuous single line drawing of a puhutukawa tree with a tui on the branches

Continuous single line drawing of a person working on a laptop

Create portfolios

Using Mahara, students and staff create their personal learning stories by uploading evidence of activities they have participated in, and embedding publicly accessible content they have previously put online. They can write reflections on their experiences that frame this evidence, map it to competencies or registration requirements, and provide necessary context.

Mahara can be used for many different portfolio purposes, such as study, professional development, work-integrated learning, assessment, showcase and presentation, and employability.

Learn about the portfolio options

Continuous single line drawing of a group of people sitting around a laptop in discussion

Engage with others

Mahara makes it easy to comment and give feedback. Portfolios can also be submitted to learning management systems via LTI (Learning Tools Interoperability) for marking.

Groups in Mahara allow people to create portfolios collaboratively and engage in forum discussions.

Learn about collaborating in Mahara

Listen to portfolio stories

In our podcast 'Create. Share. Engage.' portfolio practitioners, researchers, learning designers, and portfolio authors share their journey. Learn how they navigate the many different facets of portfolios in general, and Mahara specifically.

Listen on the podcast website or in your favourite app

Mahara Community

Forums | Mahara Community

Security Announcements /
Cross-site Scripting Vulnerability <1.5.9, <1.6.4

This topic is closed. Only moderators and the group administrators can post new replies.

Aaron Wells

Posts: 896

15 April 2013, 18:18

Stored XSS vulnerability in Mahara's usage of TinyMCE editor

Category: Cross-site Scripting
Severity: High
Versions affected: < 1.6.4, < 1.5.9
Reported by: Ahmad Ashraff, Siddhesh Gawde
Identifier: CVE-2013-1426
Bug report: https://bugs.launchpad.net/mahara/+bug/1153423

A high security cross-site scripting vulnerability was discovered. The vulnerability has been fixed by the Mahara core developers.

Upgrading to Mahara 1.5.9 or 1.6.4 is strongly recommended.

Download links for fixed versions:
https://launchpad.net/mahara/+milestone/1.5.9
https://launchpad.net/mahara/+milestone/1.6.4

Edits to this post:

Aaron Wells - 19 April 2013, 12:03

1 result

Subscribe to our monthly newsletter

Do you want to stay updated on the latest news from Mahara and wider portfolio community? Subscribe to the monthly Mahara newsletter from Catalyst, the maintainers of Mahara.