Mahara 1.1 before 1.1.5 does not apply permission checks when saving a view that contains artefacts, which allows remote authenticated users to read another user's artefact.
CVSS Score
4.0
EPSS Score
0.002
Published
2009-06-23
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x before 1.0.11 and 1.1.x before 1.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the introduction field in a user profile or (2) an arbitrary text block in a user view.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-04-23
Page 4