Forums | Mahara Community

Forums /
Security Announcements


Subscribe to this forum to be notified about security fixes.

Topic Posts Last post

Closed Security issue relating to session fixation and privilege escalation <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

Password reset key leaked via HTTP "Referer" fi...
1 26 November 2014, 13:36

by Robert Lyon

Closed Security issue relating to privacy <1.10.1 by Robert Lyon

Author not anonymised on "Shared with me" page ...
1 26 November 2014, 12:18

by Robert Lyon

Closed Security issue relating to access control <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

Secret URL access permissions not cleared on lo...
1 26 November 2014, 12:17

by Robert Lyon

Closed Security issues relating to CSRF <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

SSRF (Server Side Request Forgery) is a vulnera...
1 26 November 2014, 12:14

by Robert Lyon

Closed Security issues relating to XSS <1.7.8, <1.8.5, <1.9.3 by Aaron Wells

Institution display names were not always prope...
1 22 October 2014, 16:18

by Aaron Wells

Closed Security issues relating to passwords <1.7.7, <1.8.4, <1.9.2 by Robert Lyon

Mahara institutions that use LDAP for authentic...
1 01 August 2014, 12:13

by Robert Lyon

Closed Security issues in HTML Purifier external library in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells

Mahara uses the external HTML Purifier library ...
1 03 April 2014, 15:42

by Aaron Wells

Closed Suspended user access vulnerability in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells

Suspended users can login via the "reset passwo...
1 03 April 2014, 15:35

by Aaron Wells

Closed Access Folder Artefact Vulnerabilities in <1.5.13, <1.6.8, <1.7.4 by Son Nguyen

Unauthorized access to a folder by group members
1 31 October 2013, 16:32

by Son Nguyen

Closed Cross-site Scripting Vulnerability in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells

Category: Cross-site Scripting
1 03 October 2013, 22:59

by Aaron Wells

Closed Multiple Access Control Vulnerabilities in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells

Multiple Access Control Vulnerabilities in <1.5...
1 03 October 2013, 22:49

by Aaron Wells

Closed RSS feed password vulnerability <1.5.10, <1.6.5, <1.7.1 by Aaron Wells

Potential compromise of stored passwords in RSS...
1 03 May 2013, 12:54

by Aaron Wells

Closed Cross-site Scripting Vulnerability <1.5.9, <1.6.4 by Aaron Wells

Stored XSS vulnerability in Mahara's usage of T...
1 15 April 2013, 18:18

by Aaron Wells

Closed External vulnerability in Mahara flowplayer in <1.5.8 and <1.6.3 by Account deleted

Cross site scripting vulnerability in external ...
1 15 February 2013, 16:58

by Account deleted

Closed Cross-site Scripting vulnerability in Mahara <1.5.8 and <1.6.3 by Account deleted

Cross-site Scripting Vulnerability
1 15 February 2013, 16:38

by Account deleted

Closed Cross-site Scripting Vulnerability < 1.5.7, < 1.6.2 by Account deleted

Cross-site Scripting Vulnerability

Category:...
2 23 November 2012, 16:16

by Account deleted

Closed Click Jacking Vulnerability by Account deleted

Click Jacking Vulnerability
1 09 October 2012, 23:19

by Account deleted

Closed Cross-site Scripting Vulnerability by Account deleted

Cross-site Scripting Vulnerability
1 09 October 2012, 23:17

by Account deleted

Closed Multiple Cross-site Scripting Vulnerabilities by Account deleted

Multiple Cross-site Scripting Vulnerabilities
1 09 October 2012, 23:16

by Account deleted

Closed Remote Code Execution Vulnerability by Account deleted

Remote Code Execution Vulnerability
1 09 October 2012, 23:13

by Account deleted

Closed Conclusion of the Security Bug Bounty by Kristina Hoeppner

Hello,
1 04 October 2012, 21:13

by Kristina Hoeppner

Closed XML External Entities Vulnerability in versions 1.4.3 and 1.5.2 by Account deleted

XML External Entities Vulnerability in versions...
1 13 September 2012, 20:53

by Account deleted

Closed Multiple Cross-site Scripting Vulnerabilities in versions 1.4.2 and 1.5.1 by Account deleted

Multiple Cross-site Scripting Vulnerabilities i...
1 31 July 2012, 1:45

by Account deleted

Closed Insecure defaults in SAML plugin by François Marier

This security issue only affects sites which ma...
1 15 February 2012, 20:52

by François Marier

Closed Privilege Escalation (MNet) in Mahara 1.4.0 and 1.3.6 by François Marier




Category:
Privilege Escalation


Seve...
1 03 November 2011, 17:56

by François Marier