Mahara Community

Forums > Security Announcements

Subscribe to this forum to be notified about security fixes.

Topics

Topic Poster Posts Last post

The title of the portfolio page was not being p...
Aaron Wells 1 10 July 2015, 6:19 PM by Aaron Wells

The site-level setting to disallow anonymous co...
Aaron Wells 1 10 July 2015, 6:11 PM by Aaron Wells

A site admin or institution admin can place HTM...
Aaron Wells 1 29 May 2015, 3:08 PM by Aaron Wells
Closed

Session management issue where old sessions wer...
Robert Lyon 3 21 April 2015, 10:25 AM by Robert Lyon

Able to receive watchlist notifications about p...
Robert Lyon 1 17 April 2015, 2:52 PM by Robert Lyon

Users can delete their submitted page through U...
Robert Lyon 1 17 April 2015, 2:51 PM by Robert Lyon

Logged in users can stay logged in after the in...
Robert Lyon 1 17 April 2015, 2:50 PM by Robert Lyon

A maliciously created .swf file can have it's c...
Robert Lyon 1 17 April 2015, 2:49 PM by Robert Lyon

Session management issue where old sessions wer...
Robert Lyon 1 17 April 2015, 2:47 PM by Robert Lyon

Possible cross site scripting when adding text ...
Robert Lyon 1 17 April 2015, 2:46 PM by Robert Lyon

Possible cross site scripting when dragging/dro...
Robert Lyon 1 17 April 2015, 2:45 PM by Robert Lyon

A maliciously created .xml file can have it's c...
Robert Lyon 1 17 April 2015, 2:44 PM by Robert Lyon
Closed

Minor version number displayed in JS, CSS links
Robert Lyon 2 27 November 2014, 8:36 AM by Robert Lyon
Closed

Password reset key leaked via HTTP "Referer" fi...
Robert Lyon 1 26 November 2014, 1:36 PM by Robert Lyon
Closed

Author not anonymised on "Shared with me" page ...
Robert Lyon 1 26 November 2014, 12:18 PM by Robert Lyon
Closed

Secret URL access permissions not cleared on lo...
Robert Lyon 1 26 November 2014, 12:17 PM by Robert Lyon
Closed

SSRF (Server Side Request Forgery) is a vulnera...
Robert Lyon 1 26 November 2014, 12:14 PM by Robert Lyon
Closed

Institution display names were not always prope...
Aaron Wells 1 22 October 2014, 4:18 PM by Aaron Wells
Closed

Mahara institutions that use LDAP for authentic...
Robert Lyon 1 01 August 2014, 12:13 PM by Robert Lyon
Closed

Mahara uses the external HTML Purifier library ...
Aaron Wells 1 03 April 2014, 3:42 PM by Aaron Wells
Closed

Suspended users can login via the "reset passwo...
Aaron Wells 1 03 April 2014, 3:35 PM by Aaron Wells
Closed

Unauthorized access to a folder by group members
Son Nguyen 1 31 October 2013, 4:32 PM by Son Nguyen
Closed

Category: Cross-site Scripting
Aaron Wells 1 03 October 2013, 10:59 PM by Aaron Wells
Closed

Multiple Access Control Vulnerabilities in <1.5...
Aaron Wells 1 03 October 2013, 10:49 PM by Aaron Wells
Closed

Potential compromise of stored passwords in RSS...
Aaron Wells 1 03 May 2013, 12:54 PM by Aaron Wells