Mahara Community

Security Announcements

Subscribe to this forum to be notified about security fixes.

Topics

Topic Poster Posts Last post
Closed

Security issue relating to Access control <1.8.6, <1.9.4, <1.10.1, <15.04.0

Session management issue where old sessions wer...
Robert Lyon 3 21 April 2015, 10:25 AM by Robert Lyon

Security issue relating to Access control <1.8.7, <1.9.5, <1.10.3, <15.04.0

Able to receive watchlist notifications about p...
Robert Lyon 1 17 April 2015, 2:52 PM by Robert Lyon

Security issue relating to Escalation of privileges <1.8.7, <1.9.5, <1.10.3, <15.04.0

Users can delete their submitted page through U...
Robert Lyon 1 17 April 2015, 2:51 PM by Robert Lyon

Security issue relating to Access control <1.8.7, <1.9.5, <1.10.3, <15.04.0

Logged in users can stay logged in after the in...
Robert Lyon 1 17 April 2015, 2:50 PM by Robert Lyon

Security issue relating to XSS <1.8.7, <1.9.5, <1.10.3, <15.04.0

A maliciously created .swf file can have its c...
Robert Lyon 1 17 April 2015, 2:49 PM by Robert Lyon

Security issue relating to XSS <1.10.0, <15.04.0

Session management issue where old sessions wer...
Robert Lyon 1 17 April 2015, 2:47 PM by Robert Lyon

Security issue relating to XSS <1.10.0, <15.04.0

Possible cross site scripting when adding text ...
Robert Lyon 1 17 April 2015, 2:46 PM by Robert Lyon

Security issue relating to XSS <1.10.0, <15.04.0

Possible cross site scripting when dragging/dro...
Robert Lyon 1 17 April 2015, 2:45 PM by Robert Lyon

Security issue relating to XSS <1.8.7, <1.9.5, <1.10.3, <15.04.0

A maliciously created .xml file can have its c...
Robert Lyon 1 17 April 2015, 2:44 PM by Robert Lyon
Closed

Security issue relating to disclosure of sys info <1.8.6, <1.9.4, <1.10.1

Minor version number displayed in JS, CSS links
Robert Lyon 2 27 November 2014, 8:36 AM by Robert Lyon
Closed

Security issue relating to session fixation and privilege escalation <1.8.6, <1.9.4, <1.10.1

Password reset key leaked via HTTP "Referer" fi...
Robert Lyon 1 26 November 2014, 1:36 PM by Robert Lyon
Closed

Security issue relating to privacy <1.10.1

Author not anonymised on "Shared with me" page ...
Robert Lyon 1 26 November 2014, 12:18 PM by Robert Lyon
Closed

Security issue relating to access control <1.8.6, <1.9.4, <1.10.1

Secret URL access permissions not cleared on lo...
Robert Lyon 1 26 November 2014, 12:17 PM by Robert Lyon
Closed

Security issues relating to CSRF <1.8.6, <1.9.4, <1.10.1

SSRF (Server Side Request Forgery) is a vulnera...
Robert Lyon 1 26 November 2014, 12:14 PM by Robert Lyon
Closed

Security issues relating to XSS <1.7.8, <1.8.5, <1.9.3

Institution display names were not always prope...
Aaron Wells 1 22 October 2014, 4:18 PM by Aaron Wells
Closed

Security issues relating to passwords <1.7.7, <1.8.4, <1.9.2

Mahara institutions that use LDAP for authentic...
Robert Lyon 1 01 August 2014, 12:13 PM by Robert Lyon
Closed

Security issues in HTML Purifier external library in <1.6.9, <1.7.5, <1.8.2

Mahara uses the external HTML Purifier library ...
Aaron Wells 1 03 April 2014, 3:42 PM by Aaron Wells
Closed

Suspended user access vulnerability in <1.6.9, <1.7.5, <1.8.2

Suspended users can login via the "reset passwo...
Aaron Wells 1 03 April 2014, 3:35 PM by Aaron Wells
Closed

Access Folder Artefact Vulnerabilities in <1.5.13, <1.6.8, <1.7.4

Unauthorized access to a folder by group members
Son Nguyen 1 31 October 2013, 4:32 PM by Son Nguyen
Closed

Cross-site Scripting Vulnerability in <1.5.12, <1.6.7, <1.7.3

Category: Cross-site Scripting
Aaron Wells 1 03 October 2013, 10:59 PM by Aaron Wells
Closed

Multiple Access Control Vulnerabilities in <1.5.12, <1.6.7, <1.7.3

Multiple Access Control Vulnerabilities in <1.5...
Aaron Wells 1 03 October 2013, 10:49 PM by Aaron Wells
Closed

RSS feed password vulnerability <1.5.10, <1.6.5, <1.7.1

Potential compromise of stored passwords in RSS...
Aaron Wells 1 03 May 2013, 12:54 PM by Aaron Wells
Closed

Cross-site Scripting Vulnerability <1.5.9, <1.6.4

Stored XSS vulnerability in Mahara's usage of T...
Aaron Wells 1 15 April 2013, 6:18 PM by Aaron Wells
Closed

External vulnerability in Mahara flowplayer in <1.5.8 and <1.6.3

Cross site scripting vulnerability in external ...
Melissa Draper 1 15 February 2013, 4:58 PM by Melissa Draper
Closed

Cross-site Scripting vulnerability in Mahara <1.5.8 and <1.6.3

Cross-site Scripting Vulnerability
Melissa Draper 1 15 February 2013, 4:38 PM by Melissa Draper