| CVE-2025-29992 |
BDSA-2025-9921 |
High |
Aug 26, 2025 |
Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy.
|
24.04, 23.04, 22.04.3_RELEASE, 21.04.7_RELEASE, 22.10.0_RELEASE, 21.10.5_RELEASE, 22.10, 21.10.4_RELEASE, 21.04.6_RELEASE, 22.04.2_RELEASE
|
| BDSA-2025-9933 |
|
Medium |
Aug 27, 2025 |
Mahara is vulnerable to cross-site scripting (XSS) due to improper handling of file names containing JavaScript code in the filebrowser system. This could allow an attacker to execute arbitrary scripts in the context of the user's browser session.
**Note** As of March 2023 the source code for versions beyond **21.10.5**, **22.04.3** and **22.10.0** is only released under a subscription model.
|
|
| BDSA-2025-9932 |
|
Medium |
Aug 27, 2025 |
Mahara is vulnerable to unauthorized file access due to improper validation of export download URLs. This could allow an attacker to download files they do not have permission to access.
**Note** As of March 2023 the source code for versions beyond **21.10.5**, **22.04.3** and **22.10.0** is only released under a subscription model.
|
|
| BDSA-2025-9929 |
|
High |
Aug 27, 2025 |
Mahara is vulnerable to escalation of privileges due to issues in the Learning Tools Interoperability (LTI) login functionality. This could allow an attacker to gain unauthorized access to higher privilege levels within the system.
**Note** As of March 2023 the source code for versions beyond **21.10.5**, **22.04.3** and **22.10.0** is only released under a subscription model.
|
|
| BDSA-2025-9928 |
|
Low |
Aug 27, 2025 |
Mahara is vulnerable to information disclosure due to improper access controls in the `Current submissions` page functionality. This could allow an attacker to access sensitive information by exploiting the administrative interface under certain conditions.
**Note** As of March 2023 the source code for versions beyond **21.10.5**, **22.04.3** and **22.10.0** is only released under a subscription model.
|
|
| BDSA-2025-9923 |
|
Medium |
Aug 27, 2025 |
Mahara is vulnerable to cross-site scripting (XSS) due to improper handling of the `link` attribute in external RSS feed XML. This could allow an attacker to inject malicious scripts, potentially compromising the security and integrity of the application.
**Note** As of March 2023 the source code for versions beyond **21.10.5**, **22.04.3** and **22.10.0** is only released under a subscription model.
|
|
| BDSA-2025-9871 |
|
High |
Aug 26, 2025 |
Mahara contains a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the `About`, `Contact`, and `Help` pages. An attacker with administrator privileges could exploit this vulnerability in order to execute arbitrary JavaScript code within the context of the victim's browser.
**Note:** as of March 2023 maintenance and new version releases of Mahara are only available with a subscription.
|
|