Forums | Mahara Community

Forums /
Security Announcements


Subscribe to this forum to be notified about security fixes.

Topic Posts Last post

Closed RSS feed password vulnerability <1.5.10, <1.6.5, <1.7.1 by Aaron Wells

Potential compromise of stored passwords in RSS...
1 03 May 2013, 12:54 PM

by Aaron Wells

Closed Cross-site Scripting Vulnerability <1.5.9, <1.6.4 by Aaron Wells

Stored XSS vulnerability in Mahara's usage of T...
1 15 April 2013, 6:18 PM

by Aaron Wells

Closed External vulnerability in Mahara flowplayer in <1.5.8 and <1.6.3 by Deleted user

Cross site scripting vulnerability in external ...
1 15 February 2013, 4:58 PM

by Deleted user

Closed Cross-site Scripting vulnerability in Mahara <1.5.8 and <1.6.3 by Deleted user

Cross-site Scripting Vulnerability
1 15 February 2013, 4:38 PM

by Deleted user

Closed Cross-site Scripting Vulnerability < 1.5.7, < 1.6.2 by Deleted user

Cross-site Scripting Vulnerability

Category:...
2 23 November 2012, 4:16 PM

by Deleted user

Closed Click Jacking Vulnerability by Deleted user

Click Jacking Vulnerability
1 09 October 2012, 11:19 PM

by Deleted user

Closed Cross-site Scripting Vulnerability by Deleted user

Cross-site Scripting Vulnerability
1 09 October 2012, 11:17 PM

by Deleted user

Closed Multiple Cross-site Scripting Vulnerabilities by Deleted user

Multiple Cross-site Scripting Vulnerabilities
1 09 October 2012, 11:16 PM

by Deleted user

Closed Remote Code Execution Vulnerability by Deleted user

Remote Code Execution Vulnerability
1 09 October 2012, 11:13 PM

by Deleted user

Closed Conclusion of the Security Bug Bounty by Kristina Hoeppner

Hello,
1 04 October 2012, 9:13 PM

by Kristina Hoeppner

Closed XML External Entities Vulnerability in versions 1.4.3 and 1.5.2 by Deleted user

XML External Entities Vulnerability in versions...
1 13 September 2012, 8:53 PM

by Deleted user

Closed Multiple Cross-site Scripting Vulnerabilities in versions 1.4.2 and 1.5.1 by Deleted user

Multiple Cross-site Scripting Vulnerabilities i...
1 31 July 2012, 1:45 AM

by Deleted user

Closed Insecure defaults in SAML plugin by François Marier

This security issue only affects sites which ma...
1 15 February 2012, 8:52 PM

by François Marier

Closed Privilege Escalation (MNet) in Mahara 1.4.0 and 1.3.6 by François Marier




Category:
Privilege Escalation


Seve...
1 03 November 2011, 5:56 PM

by François Marier

Closed Cross-site Request Forgery in Mahara 1.4.0 and 1.3.6 by François Marier




Category:
Cross-site Request Forgery

...
1 03 November 2011, 5:52 PM

by François Marier

Closed Cross-site Scripting in Mahara 1.4.0 and 1.3.6 by François Marier




Category:
Cross-site Scripting


Seve...
1 03 November 2011, 5:48 PM

by François Marier

Closed Information Disclosure in Mahara 1.4.0 and 1.3.6 by François Marier




Category:
Information Disclosure


Se...
1 03 November 2011, 5:46 PM

by François Marier

Closed Denial of Service in Mahara 1.4.0 and 1.3.6 by François Marier




Category:
Denial of Service


Severit...
1 03 November 2011, 5:42 PM

by François Marier

Closed HTTPS downgrade in Mahara 1.2.8 and 1.3.5 by François Marier




Category:
HTTPS to HTTP downgrade


S...
1 09 May 2011, 9:06 PM

by François Marier

Closed Cross-site scripting bugs in Mahara 1.2.8 and 1.3.5 by François Marier




Category:
Cross-site scripting


Seve...
1 09 May 2011, 9:03 PM

by François Marier

Closed Information disclosure bugs in Mahara 1.2.8 and 1.3.5 by François Marier




Category:
Information disclosure


Se...
1 09 May 2011, 9:00 PM

by François Marier

Closed Cross-site request forgeries in Mahara 1.2.8 and 1.3.5 by François Marier




Category:
Cross-site request forgery

...
1 09 May 2011, 8:49 PM

by François Marier

Closed Privilege escalations in Mahara 1.2.8 and 1.3.5 by François Marier




Category:
Privilege escalation


Seve...
1 09 May 2011, 8:45 PM

by François Marier

Closed Security fixes in HTML Purifier 4.3.0 by François Marier




Category:
Insecure bundled library


...
1 28 March 2011, 9:08 PM

by François Marier

Closed CSRF in Mahara 1.2.6 and 1.3.3 by François Marier




Category:
Cross-site request forgery

...
1 24 March 2011, 8:15 PM

by François Marier