Roman Mironov

**Name of the Vulnerable Software and Affected Versions** Mahara versions 1.8 through 1.8.6 Mahara versions 1.9 through 1.9.4 Mahara versions 1.10 through 1.10.2 Mahara versions 15.04 before 15.04.0 **Description** The issue allows a maliciously created .xml file to have its code executed when a user attempts to download the file. **Recommendations** For Mahara versions 1.8 through 1.8.6, update to version 1.8.7 or later. For Mahara versions 1.9 through 1.9.4, update to version 1.9.5 or later. For Mahara versions 1.10 through 1.10.2, update to version 1.10.3 or later. For Mahara versions 15.04 before 15.04.0, update to version 15.04.0 or later.