Forums | Mahara Community

Forums /
Security Announcements


Subscribe to this forum to be notified about security fixes.

Topic Posts Last post

Closed Security issue relating to CSRF <15.04.3, <1.10.6, <1.9.8 by Robert Lyon

It is possible to perform a cross-site request ...
1 19 August 2015, 5:29 PM

by Robert Lyon

Security issue relating to XSS <1.9.7, <1.10.5, <15.04.2 by Aaron Wells

The title of the portfolio page was not being p...
1 10 July 2015, 6:19 PM

by Aaron Wells

Security issue relating to access control <1.9.7, <1.10.5, <15.04.2 by Aaron Wells

The site-level setting to disallow anonymous co...
1 10 July 2015, 6:11 PM

by Aaron Wells

Security issue relating to Stored XSS <1.9.6, <1.10.4, <15.04.1 by Aaron Wells

A site admin or institution admin can place HTM...
1 29 May 2015, 3:08 PM

by Aaron Wells

Closed Security issue relating to Access control <1.8.6, <1.9.4, <1.10.1, <15.04.0 by Robert Lyon

Session management issue where old sessions wer...
3 21 April 2015, 10:25 AM

by Robert Lyon

Security issue relating to Access control <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

Able to receive watchlist notifications about p...
1 17 April 2015, 2:52 PM

by Robert Lyon

Security issue relating to Escalation of privileges <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

Users can delete their submitted page through U...
1 17 April 2015, 2:51 PM

by Robert Lyon

Security issue relating to Access control <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

Logged in users can stay logged in after the in...
1 17 April 2015, 2:50 PM

by Robert Lyon

Security issue relating to XSS <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

A maliciously created .swf file can have it's c...
1 17 April 2015, 2:49 PM

by Robert Lyon

Security issue relating to XSS <1.10.0, <15.04.0 by Robert Lyon

Session management issue where old sessions wer...
1 17 April 2015, 2:47 PM

by Robert Lyon

Security issue relating to XSS <1.10.0, <15.04.0 by Robert Lyon

Possible cross site scripting when adding text ...
1 17 April 2015, 2:46 PM

by Robert Lyon

Security issue relating to XSS <1.10.0, <15.04.0 by Robert Lyon

Possible cross site scripting when dragging/dro...
1 17 April 2015, 2:45 PM

by Robert Lyon

Security issue relating to XSS <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

A maliciously created .xml file can have it's c...
1 17 April 2015, 2:44 PM

by Robert Lyon

Closed Security issue relating to disclosure of sys info <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

Minor version number displayed in JS, CSS links
2 27 November 2014, 8:36 AM

by Robert Lyon

Closed Security issue relating to session fixation and privilege escalation <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

Password reset key leaked via HTTP "Referer" fi...
1 26 November 2014, 1:36 PM

by Robert Lyon

Closed Security issue relating to privacy <1.10.1 by Robert Lyon

Author not anonymised on "Shared with me" page ...
1 26 November 2014, 12:18 PM

by Robert Lyon

Closed Security issue relating to access control <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

Secret URL access permissions not cleared on lo...
1 26 November 2014, 12:17 PM

by Robert Lyon

Closed Security issues relating to CSRF <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

SSRF (Server Side Request Forgery) is a vulnera...
1 26 November 2014, 12:14 PM

by Robert Lyon

Closed Security issues relating to XSS <1.7.8, <1.8.5, <1.9.3 by Aaron Wells

Institution display names were not always prope...
1 22 October 2014, 4:18 PM

by Aaron Wells

Closed Security issues relating to passwords <1.7.7, <1.8.4, <1.9.2 by Robert Lyon

Mahara institutions that use LDAP for authentic...
1 01 August 2014, 12:13 PM

by Robert Lyon

Closed Security issues in HTML Purifier external library in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells

Mahara uses the external HTML Purifier library ...
1 03 April 2014, 3:42 PM

by Aaron Wells

Closed Suspended user access vulnerability in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells

Suspended users can login via the "reset passwo...
1 03 April 2014, 3:35 PM

by Aaron Wells

Closed Access Folder Artefact Vulnerabilities in <1.5.13, <1.6.8, <1.7.4 by Son Nguyen

Unauthorized access to a folder by group members
1 31 October 2013, 4:32 PM

by Son Nguyen

Closed Cross-site Scripting Vulnerability in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells

Category: Cross-site Scripting
1 03 October 2013, 10:59 PM

by Aaron Wells

Closed Multiple Access Control Vulnerabilities in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells

Multiple Access Control Vulnerabilities in <1.5...
1 03 October 2013, 10:49 PM

by Aaron Wells