📦 Mahara
by Mahara
⚠️ Known Vulnerabilities
This vulnerability allows institution administrators in Mahara to view sensitive information on the 'Current submissions' page that they should not have access to. It affects Mahara versions 24.04 bef...
This vulnerability allows attackers to exploit web services tokens in Mahara to log into associated accounts without proper authentication. This affects all Mahara installations running vulnerable ver...
This vulnerability allows attackers to escalate privileges when logging into Mahara using Learning Tools Interoperability (LTI). Attackers could gain unauthorized access to higher-privileged accounts ...
Mahara's experimental HTML bulk export feature fails to clear cached images between user exports, allowing users who receive exported files to potentially access other users' images. This affects Maha...
This CSRF vulnerability in Mahara allows attackers to trick authenticated users into performing unintended actions by exploiting easily guessable random tokens. All Mahara instances running vulnerable...
This vulnerability in Mahara's Isolated Institutions feature allows users to see groups from other institutions beyond the first page of group results, violating intended isolation. It affects Mahara ...
This CVE describes a CSV injection vulnerability in Mahara e-portfolio software where exported CSV files could contain malicious formulas that spreadsheet programs might execute. This allows attackers...
This vulnerability allows remote code execution in Mahara e-portfolio systems through shell command injection. Attackers can execute arbitrary commands on the server by crafting malicious collection n...
This vulnerability allows attackers to execute malicious JavaScript code in victims' browsers by uploading files with specially crafted names containing JavaScript. It affects Mahara e-portfolio syste...
This vulnerability in Mahara allows attackers to bypass access controls by crafting malicious export download URLs, enabling unauthorized file downloads. It affects Mahara 23.04.8 and 24.04.4 installa...
This vulnerability allows cross-site scripting (XSS) attacks in Mahara's external RSS feed block. Attackers can inject malicious scripts via manipulated RSS feed XML link attributes, which execute in ...