Mahara Community

Forums > Security Announcements

Subscribe to this forum to be notified about security fixes.

Topics

Topic Poster Posts Last post

When a profile picture is accessed directly by ...
Aaron Wells 1 11 July 2016, 5:13 PM by Aaron Wells

When importing a Skin from an XML file, Mahara ...
Aaron Wells 1 11 July 2016, 5:10 PM by Aaron Wells

A user could in some circumstances cause anothe...
Aaron Wells 1 11 July 2016, 5:02 PM by Aaron Wells

Some authentication methods that do not use Mah...
Aaron Wells 1 11 July 2016, 4:57 PM by Aaron Wells

When Mahara is used for the identity provider i...
Aaron Wells 1 11 July 2016, 4:45 PM by Aaron Wells
Closed

Changes to Mahara's session management in 15.04...
Aaron Wells 1 03 May 2016, 1:22 PM by Aaron Wells
Closed

Changes to Mahara's session management in 15.04...
Aaron Wells 1 03 May 2016, 1:20 PM by Aaron Wells

XSS vulnerability due to window.opener (target=...
Son Nguyen 1 24 March 2016, 11:59 AM by Son Nguyen
Closed

It is possible to perform a cross-site request ...
Robert Lyon 1 19 August 2015, 5:29 PM by Robert Lyon

The title of the portfolio page was not being p...
Aaron Wells 1 10 July 2015, 6:19 PM by Aaron Wells

The site-level setting to disallow anonymous co...
Aaron Wells 1 10 July 2015, 6:11 PM by Aaron Wells

A site admin or institution admin can place HTM...
Aaron Wells 1 29 May 2015, 3:08 PM by Aaron Wells
Closed

Session management issue where old sessions wer...
Robert Lyon 3 21 April 2015, 10:25 AM by Robert Lyon

Able to receive watchlist notifications about p...
Robert Lyon 1 17 April 2015, 2:52 PM by Robert Lyon

Users can delete their submitted page through U...
Robert Lyon 1 17 April 2015, 2:51 PM by Robert Lyon

Logged in users can stay logged in after the in...
Robert Lyon 1 17 April 2015, 2:50 PM by Robert Lyon

A maliciously created .swf file can have it's c...
Robert Lyon 1 17 April 2015, 2:49 PM by Robert Lyon

Session management issue where old sessions wer...
Robert Lyon 1 17 April 2015, 2:47 PM by Robert Lyon

Possible cross site scripting when adding text ...
Robert Lyon 1 17 April 2015, 2:46 PM by Robert Lyon

Possible cross site scripting when dragging/dro...
Robert Lyon 1 17 April 2015, 2:45 PM by Robert Lyon

A maliciously created .xml file can have it's c...
Robert Lyon 1 17 April 2015, 2:44 PM by Robert Lyon
Closed

Minor version number displayed in JS, CSS links
Robert Lyon 2 27 November 2014, 8:36 AM by Robert Lyon
Closed

Password reset key leaked via HTTP "Referer" fi...
Robert Lyon 1 26 November 2014, 1:36 PM by Robert Lyon
Closed

Author not anonymised on "Shared with me" page ...
Robert Lyon 1 26 November 2014, 12:18 PM by Robert Lyon
Closed

Secret URL access permissions not cleared on lo...
Robert Lyon 1 26 November 2014, 12:17 PM by Robert Lyon