Forums | Mahara Community

Forums /
Security Announcements


Subscribe to this forum to be notified about security fixes.

Topic Posts Last post

Closed Security issue relating to Access control and password reset link <15.04.10, <15.10.6, <16.04.4 by Robert Lyon

After the password reset link is sent via email...
1 26 October 2016, 9:39 AM

by Robert Lyon

Security issue relating to access control in Mahara groups <15.04.9, <15.10.5, <16.04.3 by Aaron Wells

Access to a group's configuration page is meant...
1 09 August 2016, 5:44 AM

by Aaron Wells

Security issue relating to passwords <15.04.9, <15.10.5, <16.04.3 by Aaron Wells

Under some error logging settings, Mahara print...
1 09 August 2016, 5:40 AM

by Aaron Wells

Security issue relating to Access control and profile pictures <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

When a profile picture is accessed directly by ...
1 12 July 2016, 5:13 AM

by Aaron Wells

Security issue relating to PHP injection <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

When importing a Skin from an XML file, Mahara ...
1 12 July 2016, 5:10 AM

by Aaron Wells

Security issue relating to Access control and Leap2a export <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

A user could in some circumstances cause anothe...
1 12 July 2016, 5:02 AM

by Aaron Wells

Security issue relating to User Authorization and expired institutions <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

Some authentication methods that do not use Mah...
1 12 July 2016, 4:57 AM

by Aaron Wells

Security issue relating to User Authorization and XMLRP (MNet) <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

When Mahara is used for the identity provider i...
1 12 July 2016, 4:45 AM

by Aaron Wells

Closed Security issue relating to session fixation in PHP 5.3, <15.04.7, <15.10.3 by Aaron Wells

Changes to Mahara's session management in 15.04...
1 04 May 2016, 1:22 AM

by Aaron Wells

Closed Security issue relating to session management <15.04.7, <15.10.3 by Aaron Wells

Changes to Mahara's session management in 15.04...
1 04 May 2016, 1:20 AM

by Aaron Wells

Security issue relating to XSS <1.10.9, <15.04.6, <15.10.2 by Son Nguyen

XSS vulnerability due to window.opener (target=...
1 25 March 2016, 12:59 AM

by Son Nguyen

Closed Security issue relating to CSRF <15.04.3, <1.10.6, <1.9.8 by Robert Lyon

It is possible to perform a cross-site request ...
1 20 August 2015, 5:29 AM

by Robert Lyon

Security issue relating to XSS <1.9.7, <1.10.5, <15.04.2 by Aaron Wells

The title of the portfolio page was not being p...
1 11 July 2015, 6:19 AM

by Aaron Wells

Security issue relating to access control <1.9.7, <1.10.5, <15.04.2 by Aaron Wells

The site-level setting to disallow anonymous co...
1 11 July 2015, 6:11 AM

by Aaron Wells

Security issue relating to Stored XSS <1.9.6, <1.10.4, <15.04.1 by Aaron Wells

A site admin or institution admin can place HTM...
1 30 May 2015, 3:08 AM

by Aaron Wells

Closed Security issue relating to Access control <1.8.6, <1.9.4, <1.10.1, <15.04.0 by Robert Lyon

Session management issue where old sessions wer...
3 21 April 2015, 10:25 PM

by Robert Lyon

Security issue relating to Access control <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

Able to receive watchlist notifications about p...
1 18 April 2015, 2:52 AM

by Robert Lyon

Security issue relating to Escalation of privileges <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

Users can delete their submitted page through U...
1 18 April 2015, 2:51 AM

by Robert Lyon

Security issue relating to Access control <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

Logged in users can stay logged in after the in...
1 18 April 2015, 2:50 AM

by Robert Lyon

Security issue relating to XSS <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

A maliciously created .swf file can have it's c...
1 18 April 2015, 2:49 AM

by Robert Lyon

Security issue relating to XSS <1.10.0, <15.04.0 by Robert Lyon

Session management issue where old sessions wer...
1 18 April 2015, 2:47 AM

by Robert Lyon

Security issue relating to XSS <1.10.0, <15.04.0 by Robert Lyon

Possible cross site scripting when adding text ...
1 18 April 2015, 2:46 AM

by Robert Lyon

Security issue relating to XSS <1.10.0, <15.04.0 by Robert Lyon

Possible cross site scripting when dragging/dro...
1 18 April 2015, 2:45 AM

by Robert Lyon

Security issue relating to XSS <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

A maliciously created .xml file can have it's c...
1 18 April 2015, 2:44 AM

by Robert Lyon

Closed Security issue relating to disclosure of sys info <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

Minor version number displayed in JS, CSS links
2 27 November 2014, 9:36 PM

by Robert Lyon

77 topics
Help