Using Mahara, students and staff create their personal learning stories by uploading evidence of activities they have participated in, and embedding publicly accessible content they have previously put online. They can write reflections on their experiences that frame this evidence, map it to competencies or registration requirements, and provide necessary context.
Mahara can be used for many different portfolio purposes, such as study, professional development, work-integrated learning, assessment, showcase and presentation, and employability.
Mahara allows portfolios to be shared flexibly with one person, a specific group of people, or the entire world. Access can be further restricted to a particular time frame or just within an assessment task.
Mahara makes it easy to comment and give feedback. Portfolios can also be submitted to learning management systems via LTI (Learning Tools Interoperability) for marking.
Groups in Mahara allow people to create portfolios collaboratively and engage in forum discussions.
In our podcast 'Create. Share. Engage.' portfolio practitioners, researchers, learning designers, and portfolio authors share their journey. Learn how they navigate the many different facets of portfolios in general, and Mahara specifically.
Mahara is open source. Install it on your own server infrastructure or engage a support company to have your site maintained professionally and receive support around your portfolio project.
You can join the Mahara community to ask your questions about the software and answer other people's questions. There are many ways of contributing to the Mahara project, for example, through translations, graphic design, business analysis and usability, reporting and fixing issues, creating new features, and developing plugins.
Message for the forum announcement:
Cross site scription of collection title on SmartEvidence overview page
Severity: High
Vulnerability type: XSS
An issue was discovered in Mahara 17.10 before 17.10.8, 18.04 before 18.04.4, and 18.10 before 18.10.1. The collection title is vulnerable to Cross Site Scripting (XSS) due to not escaping it when viewing the collection's SmartEvidence overview page (if that feature is turned on). This can be exploited by any logged-in user.
Reported by: Kirtikumar Anandrao Ramchandani
Bug report: https://bugs.launchpad.net/mahara/+bug/1819547
CVE reference: CVE-2019-9709