Mahara ePortfolio System

Mahara Community

Forums > Security Announcements

Subscribe to this forum to be notified about security fixes.

Topics

Topic Poster Posts Last post
Closed

Security issues in HTML Purifier external library in <1.6.9, <1.7.5, <1.8.2

Mahara uses the external HTML Purifier library ...
Aaron Wells 1 03 April 2014, 3:42 PM by Aaron Wells
Closed

Suspended user access vulnerability in <1.6.9, <1.7.5, <1.8.2

Suspended users can login via the "reset passwo...
Aaron Wells 1 03 April 2014, 3:35 PM by Aaron Wells
Closed

Access Folder Artefact Vulnerabilities in <1.5.13, <1.6.8, <1.7.4

Unauthorized access to a folder by group members
Son Nguyen 1 31 October 2013, 4:32 PM by Son Nguyen
Closed

Cross-site Scripting Vulnerability in <1.5.12, <1.6.7, <1.7.3

Category: Cross-site Scripting
Aaron Wells 1 03 October 2013, 10:59 PM by Aaron Wells
Closed

Multiple Access Control Vulnerabilities in <1.5.12, <1.6.7, <1.7.3

Multiple Access Control Vulnerabilities in <1.5...
Aaron Wells 1 03 October 2013, 10:49 PM by Aaron Wells
Closed

RSS feed password vulnerability <1.5.10, <1.6.5, <1.7.1

Potential compromise of stored passwords in RSS...
Aaron Wells 1 03 May 2013, 12:54 PM by Aaron Wells
Closed

Cross-site Scripting Vulnerability <1.5.9, <1.6.4

Stored XSS vulnerability in Mahara's usage of T...
Aaron Wells 1 15 April 2013, 6:18 PM by Aaron Wells
Closed

External vulnerability in Mahara flowplayer in <1.5.8 and <1.6.3

Cross site scripting vulnerability in external ...
Melissa Draper 1 15 February 2013, 4:58 PM by Melissa Draper
Closed

Cross-site Scripting vulnerability in Mahara <1.5.8 and <1.6.3

Cross-site Scripting Vulnerability
Melissa Draper 1 15 February 2013, 4:38 PM by Melissa Draper
Closed

Cross-site Scripting Vulnerability < 1.5.7, < 1.6.2

Cross-site Scripting Vulnerability

Category:...
Hugh Davenport 2 23 November 2012, 4:16 PM by Melissa Draper
Closed

Click Jacking Vulnerability

Click Jacking Vulnerability
Hugh Davenport 1 09 October 2012, 11:19 PM by Hugh Davenport
Closed

Cross-site Scripting Vulnerability

Cross-site Scripting Vulnerability
Hugh Davenport 1 09 October 2012, 11:17 PM by Hugh Davenport
Closed

Multiple Cross-site Scripting Vulnerabilities

Multiple Cross-site Scripting Vulnerabilities
Hugh Davenport 1 09 October 2012, 11:16 PM by Hugh Davenport
Closed

Remote Code Execution Vulnerability

Remote Code Execution Vulnerability
Hugh Davenport 1 09 October 2012, 11:13 PM by Hugh Davenport
Closed

Conclusion of the Security Bug Bounty

Hello,
Kristina Hoeppner 1 04 October 2012, 9:13 PM by Kristina Hoeppner
Closed

XML External Entities Vulnerability in versions 1.4.3 and 1.5.2

XML External Entities Vulnerability in versions...
Melissa Draper 1 13 September 2012, 8:53 PM by Melissa Draper
Closed

Multiple Cross-site Scripting Vulnerabilities in versions 1.4.2 and 1.5.1

Multiple Cross-site Scripting Vulnerabilities i...
Melissa Draper 1 31 July 2012, 1:45 AM by Melissa Draper
Closed

Insecure defaults in SAML plugin

This security issue only affects sites which ma...
François Marier 1 15 February 2012, 8:52 PM by François Marier
Closed

Privilege Escalation (MNet) in Mahara 1.4.0 and 1.3.6




Category:
Privilege Escalation


Seve...
François Marier 1 03 November 2011, 5:56 PM by François Marier
Closed

Cross-site Request Forgery in Mahara 1.4.0 and 1.3.6




Category:
Cross-site Request Forgery

...
François Marier 1 03 November 2011, 5:52 PM by François Marier
Closed

Cross-site Scripting in Mahara 1.4.0 and 1.3.6




Category:
Cross-site Scripting


Seve...
François Marier 1 03 November 2011, 5:48 PM by François Marier
Closed

Information Disclosure in Mahara 1.4.0 and 1.3.6




Category:
Information Disclosure


Se...
François Marier 1 03 November 2011, 5:46 PM by François Marier
Closed

Denial of Service in Mahara 1.4.0 and 1.3.6




Category:
Denial of Service


Severit...
François Marier 1 03 November 2011, 5:42 PM by François Marier
Closed

HTTPS downgrade in Mahara 1.2.8 and 1.3.5




Category:
HTTPS to HTTP downgrade


S...
François Marier 1 09 May 2011, 9:06 PM by François Marier
Closed

Cross-site scripting bugs in Mahara 1.2.8 and 1.3.5




Category:
Cross-site scripting


Seve...
François Marier 1 09 May 2011, 9:03 PM by François Marier