Mahara Community - Security Announcements

Mahara Community

Forums /
Security Announcements

Subscribe to this forum to be notified about security fixes.

Topic	Posts	Last post
Closed Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela Prevent disclosing usernames that are taken exp...	1	30 May 2018, 5:36 PM by Cecilia Vela
Closed Security issue relating to the upload of a virus-infected file <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela Virus scanner does not check Leap2A zip files	1	30 May 2018, 5:35 PM by Cecilia Vela
Closed Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela Prevent a back and refresh attack through the w...	1	30 May 2018, 5:31 PM by Cecilia Vela
Closed Security issue relating to cross-site scripting <16.10.9; <17.04.7; <17.10.4 by Robert Lyon Avoid relying on TinyMCE code stripping alone	1	06 April 2018, 11:32 AM by Robert Lyon
Closed Security issue relating to disclosing information <16.10.7; <17.04.5; <17.10.2 by Robert Lyon Have page forgotpass.php use captcha field (if ...	1	17 January 2018, 5:23 PM by Robert Lyon
Closed Security issue relating to incorrect redirect <16.10.7; <17.04.5; <17.10.2 by Robert Lyon Needing the HTTP Strict Transport Security (HST...	1	17 January 2018, 5:14 PM by Robert Lyon
Closed Security issue relating to cross-site scripting <16.10.7; <17.04.5; <17.10.2 by Robert Lyon Fix user input from direct POST / GET usage	1	17 January 2018, 5:09 PM by Robert Lyon
Closed Security issue relating to XSS and saving of display name <15.04.15, <16.04.9, <16.10.6, <17.04.4 by Robert Lyon Don't allow saving of firstname, lastname, and ...	1	30 October 2017, 2:35 PM by Robert Lyon
Closed Security issue relating to Access control and session cookies <15.04.15, <16.04.9, <16.10.6, <17.04.4 by Robert Lyon Old session cookies can be used to access an ac...	1	30 October 2017, 2:34 PM by Robert Lyon
Closed Security issue relating to cross-site scripting <15.04.15; <16.04.9; <16.10.6; <17.04.4 by Robert Lyon User's displayed title is not escaped for inter...	1	30 October 2017, 2:27 PM by Robert Lyon
Security issue relating to cross-site scripting <15.04.14; <16.04.8; <16.10.5; <17.04.3 by Kristina Hoeppner Mahara 15.04 before 15.04.14 and 16.04 before 1...	1	11 September 2017, 12:02 PM by Kristina Hoeppner
Security issue logging passwords during full event logging <17.04.2, <16.10.4, <16.04.7, <15.04.13 by Robert Lyon Recording plain text passwords in event_log tab...	1	25 May 2017, 7:11 PM by Robert Lyon
Security issue relating to logging of passwords from Mahara Mobile by Kristina Hoeppner Hello,	2	12 February 2017, 4:55 PM by Kristina Hoeppner
Security issue relating to a remote code execution vulnerability in PHPMailer <15.04.11, <15.10.7, <16.04.5, <16.10.2 by Kristina Hoeppner From PHPMailer: All addresses used by PHPMailer...	1	29 December 2016, 11:39 PM by Kristina Hoeppner
Closed Security issue relating to Access control and password reset link <15.04.10, <15.10.6, <16.04.4 by Robert Lyon After the password reset link is sent via email...	1	25 October 2016, 8:39 PM by Robert Lyon
Security issue relating to access control in Mahara groups <15.04.9, <15.10.5, <16.04.3 by Aaron Wells Access to a group's configuration page is meant...	1	08 August 2016, 5:44 PM by Aaron Wells
Security issue relating to passwords <15.04.9, <15.10.5, <16.04.3 by Aaron Wells Under some error logging settings, Mahara print...	1	08 August 2016, 5:40 PM by Aaron Wells
Security issue relating to Access control and profile pictures <15.04.8, <15.10.4, <16.04.2 by Aaron Wells When a profile picture is accessed directly by ...	1	11 July 2016, 5:13 PM by Aaron Wells
Security issue relating to PHP injection <15.04.8, <15.10.4, <16.04.2 by Aaron Wells When importing a Skin from an XML file, Mahara ...	1	11 July 2016, 5:10 PM by Aaron Wells
Security issue relating to Access control and Leap2a export <15.04.8, <15.10.4, <16.04.2 by Aaron Wells A user could in some circumstances cause anothe...	1	11 July 2016, 5:02 PM by Aaron Wells
Security issue relating to User Authorization and expired institutions <15.04.8, <15.10.4, <16.04.2 by Aaron Wells Some authentication methods that do not use Mah...	1	11 July 2016, 4:57 PM by Aaron Wells
Security issue relating to User Authorization and XMLRP (MNet) <15.04.8, <15.10.4, <16.04.2 by Aaron Wells When Mahara is used for the identity provider i...	1	11 July 2016, 4:45 PM by Aaron Wells
Closed Security issue relating to session fixation in PHP 5.3, <15.04.7, <15.10.3 by Aaron Wells Changes to Mahara's session management in 15.04...	1	03 May 2016, 1:22 PM by Aaron Wells
Closed Security issue relating to session management <15.04.7, <15.10.3 by Aaron Wells Changes to Mahara's session management in 15.04...	1	03 May 2016, 1:20 PM by Aaron Wells
Security issue relating to XSS <1.10.9, <15.04.6, <15.10.2 by Son Nguyen XSS vulnerability due to window.opener (target=...	1	24 March 2016, 11:59 AM by Son Nguyen

91 topics

«Previous page
1
2
3
4
»Next page

Group administrators:

Robert Lyon

Aaron Wells

Cecilia Vela

Kristina Hoeppner

Forums | Mahara Community

Forums / Security Announcements

Closed Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela

Closed Security issue relating to the upload of a virus-infected file <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela

Closed Security issue relating to disclosing information <17.04.8; <17.10.5: <18.04.1 by Cecilia Vela

Closed Security issue relating to cross-site scripting <16.10.9; <17.04.7; <17.10.4 by Robert Lyon

Closed Security issue relating to disclosing information <16.10.7; <17.04.5; <17.10.2 by Robert Lyon

Closed Security issue relating to incorrect redirect <16.10.7; <17.04.5; <17.10.2 by Robert Lyon

Closed Security issue relating to cross-site scripting <16.10.7; <17.04.5; <17.10.2 by Robert Lyon

Closed Security issue relating to XSS and saving of display name <15.04.15, <16.04.9, <16.10.6, <17.04.4 by Robert Lyon

Closed Security issue relating to Access control and session cookies <15.04.15, <16.04.9, <16.10.6, <17.04.4 by Robert Lyon

Closed Security issue relating to cross-site scripting <15.04.15; <16.04.9; <16.10.6; <17.04.4 by Robert Lyon

Security issue relating to cross-site scripting <15.04.14; <16.04.8; <16.10.5; <17.04.3 by Kristina Hoeppner

Security issue logging passwords during full event logging <17.04.2, <16.10.4, <16.04.7, <15.04.13 by Robert Lyon

Security issue relating to logging of passwords from Mahara Mobile by Kristina Hoeppner

Security issue relating to a remote code execution vulnerability in PHPMailer <15.04.11, <15.10.7, <16.04.5, <16.10.2 by Kristina Hoeppner

Closed Security issue relating to Access control and password reset link <15.04.10, <15.10.6, <16.04.4 by Robert Lyon

Security issue relating to access control in Mahara groups <15.04.9, <15.10.5, <16.04.3 by Aaron Wells

Security issue relating to passwords <15.04.9, <15.10.5, <16.04.3 by Aaron Wells

Security issue relating to Access control and profile pictures <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

Security issue relating to PHP injection <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

Security issue relating to Access control and Leap2a export <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

Security issue relating to User Authorization and expired institutions <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

Security issue relating to User Authorization and XMLRP (MNet) <15.04.8, <15.10.4, <16.04.2 by Aaron Wells

Closed Security issue relating to session fixation in PHP 5.3, <15.04.7, <15.10.3 by Aaron Wells

Closed Security issue relating to session management <15.04.7, <15.10.3 by Aaron Wells

Security issue relating to XSS <1.10.9, <15.04.6, <15.10.2 by Son Nguyen

Forums /
Security Announcements