Using Mahara, students and staff create their personal learning stories by uploading evidence of activities they have participated in, and embedding publicly accessible content they have previously put online. They can write reflections on their experiences that frame this evidence, map it to competencies or registration requirements, and provide necessary context.
Mahara can be used for many different portfolio purposes, such as study, professional development, work-integrated learning, assessment, showcase and presentation, and employability.
Mahara makes it easy to comment and give feedback. Portfolios can also be submitted to learning management systems via LTI (Learning Tools Interoperability) for marking.
Groups in Mahara allow people to create portfolios collaboratively and engage in forum discussions.
In our podcast 'Create. Share. Engage.' portfolio practitioners, researchers, learning designers, and portfolio authors share their journey. Learn how they navigate the many different facets of portfolios in general, and Mahara specifically.
Do you want to stay updated on the latest news from Mahara and wider portfolio community? Subscribe to the monthly Mahara newsletter from Catalyst, the maintainers of Mahara.
Vulnerability type: Cross-site scripting (XSS) / stored XSS
Attack type: Remote
Impact: Code execution
Affected components: The 'External media' block and anywhere you can enter HTML code, such as a text block, notes, journal entry, and forum post.
Suggested description: Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 are vulnerable to stored cross-site scripting when a particular CSS class for embedly is used and JavaScript code constructed to perform an action.
Reported by: Can't disclose
Bug report: https://bugs.launchpad.net/mahara/+bug/1968920
CVE reference: 2022-29584