Mahara Community - Security Announcements

Mahara Community

Forums /
Security Announcements

Subscribe to this forum to be notified about security fixes.

Topic	Posts	Last post
Security issue relating to Access control <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon Able to receive watchlist notifications about p...	1	17 April 2015, 14:52 by Robert Lyon
Security issue relating to Escalation of privileges <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon Users can delete their submitted page through U...	1	17 April 2015, 14:51 by Robert Lyon
Security issue relating to Access control <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon Logged in users can stay logged in after the in...	1	17 April 2015, 14:50 by Robert Lyon
Security issue relating to XSS <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon A maliciously created .swf file can have it's c...	1	17 April 2015, 14:49 by Robert Lyon
Security issue relating to XSS <1.10.0, <15.04.0 by Robert Lyon Session management issue where old sessions wer...	1	17 April 2015, 14:47 by Robert Lyon
Security issue relating to XSS <1.10.0, <15.04.0 by Robert Lyon Possible cross site scripting when adding text ...	1	17 April 2015, 14:46 by Robert Lyon
Security issue relating to XSS <1.10.0, <15.04.0 by Robert Lyon Possible cross site scripting when dragging/dro...	1	17 April 2015, 14:45 by Robert Lyon
Security issue relating to XSS <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon A maliciously created .xml file can have it's c...	1	17 April 2015, 14:44 by Robert Lyon
Closed Security issue relating to disclosure of sys info <1.8.6, <1.9.4, <1.10.1 by Robert Lyon Minor version number displayed in JS, CSS links	2	27 November 2014, 8:36 by Robert Lyon
Closed Security issue relating to session fixation and privilege escalation <1.8.6, <1.9.4, <1.10.1 by Robert Lyon Password reset key leaked via HTTP "Referer" fi...	1	26 November 2014, 13:36 by Robert Lyon
Closed Security issue relating to privacy <1.10.1 by Robert Lyon Author not anonymised on "Shared with me" page ...	1	26 November 2014, 12:18 by Robert Lyon
Closed Security issue relating to access control <1.8.6, <1.9.4, <1.10.1 by Robert Lyon Secret URL access permissions not cleared on lo...	1	26 November 2014, 12:17 by Robert Lyon
Closed Security issues relating to CSRF <1.8.6, <1.9.4, <1.10.1 by Robert Lyon SSRF (Server Side Request Forgery) is a vulnera...	1	26 November 2014, 12:14 by Robert Lyon
Closed Security issues relating to XSS <1.7.8, <1.8.5, <1.9.3 by Aaron Wells Institution display names were not always prope...	1	22 October 2014, 16:18 by Aaron Wells
Closed Security issues relating to passwords <1.7.7, <1.8.4, <1.9.2 by Robert Lyon Mahara institutions that use LDAP for authentic...	1	01 August 2014, 12:13 by Robert Lyon
Closed Security issues in HTML Purifier external library in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells Mahara uses the external HTML Purifier library ...	1	03 April 2014, 15:42 by Aaron Wells
Closed Suspended user access vulnerability in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells Suspended users can login via the "reset passwo...	1	03 April 2014, 15:35 by Aaron Wells
Closed Access Folder Artefact Vulnerabilities in <1.5.13, <1.6.8, <1.7.4 by Son Nguyen Unauthorized access to a folder by group members	1	31 October 2013, 16:32 by Son Nguyen
Closed Cross-site Scripting Vulnerability in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells Category: Cross-site Scripting	1	03 October 2013, 22:59 by Aaron Wells
Closed Multiple Access Control Vulnerabilities in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells Multiple Access Control Vulnerabilities in <1.5...	1	03 October 2013, 22:49 by Aaron Wells
Closed RSS feed password vulnerability <1.5.10, <1.6.5, <1.7.1 by Aaron Wells Potential compromise of stored passwords in RSS...	1	03 May 2013, 12:54 by Aaron Wells
Closed Cross-site Scripting Vulnerability <1.5.9, <1.6.4 by Aaron Wells Stored XSS vulnerability in Mahara's usage of T...	1	15 April 2013, 18:18 by Aaron Wells
Closed External vulnerability in Mahara flowplayer in <1.5.8 and <1.6.3 by Account deleted Cross site scripting vulnerability in external ...	1	15 February 2013, 16:58 by Account deleted
Closed Cross-site Scripting vulnerability in Mahara <1.5.8 and <1.6.3 by Account deleted Cross-site Scripting Vulnerability	1	15 February 2013, 16:38 by Account deleted
Closed Cross-site Scripting Vulnerability < 1.5.7, < 1.6.2 by Account deleted Cross-site Scripting Vulnerability Category:...	2	23 November 2012, 16:16 by Account deleted

111 topics

Group administrators:

Robert Lyon

Kristina Hoeppner

Lisa Seeto

Forums | Mahara Community

Forums / Security Announcements

Security issue relating to Access control <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

Security issue relating to Escalation of privileges <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

Security issue relating to Access control <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

Security issue relating to XSS <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

Security issue relating to XSS <1.10.0, <15.04.0 by Robert Lyon

Security issue relating to XSS <1.10.0, <15.04.0 by Robert Lyon

Security issue relating to XSS <1.10.0, <15.04.0 by Robert Lyon

Security issue relating to XSS <1.8.7, <1.9.5, <1.10.3, <15.04.0 by Robert Lyon

Closed Security issue relating to disclosure of sys info <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

Closed Security issue relating to session fixation and privilege escalation <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

Closed Security issue relating to privacy <1.10.1 by Robert Lyon

Closed Security issue relating to access control <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

Closed Security issues relating to CSRF <1.8.6, <1.9.4, <1.10.1 by Robert Lyon

Closed Security issues relating to XSS <1.7.8, <1.8.5, <1.9.3 by Aaron Wells

Closed Security issues relating to passwords <1.7.7, <1.8.4, <1.9.2 by Robert Lyon

Closed Security issues in HTML Purifier external library in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells

Closed Suspended user access vulnerability in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells

Closed Access Folder Artefact Vulnerabilities in <1.5.13, <1.6.8, <1.7.4 by Son Nguyen

Closed Cross-site Scripting Vulnerability in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells

Closed Multiple Access Control Vulnerabilities in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells

Closed RSS feed password vulnerability <1.5.10, <1.6.5, <1.7.1 by Aaron Wells

Closed Cross-site Scripting Vulnerability <1.5.9, <1.6.4 by Aaron Wells

Closed External vulnerability in Mahara flowplayer in <1.5.8 and <1.6.3 by Account deleted

Closed Cross-site Scripting vulnerability in Mahara <1.5.8 and <1.6.3 by Account deleted

Closed Cross-site Scripting Vulnerability < 1.5.7, < 1.6.2 by Account deleted

Forums /
Security Announcements