Yuliya Bozhko

Name of the Vulnerable Software and Affected Versions: Mahara versions 16.10 through 16.10.6 Mahara versions 17.04 through 17.04.4 Mahara versions 17.10 through 17.10.1 Description: The issue arises when a user enters invalid UTF-8 characters, leading to a Cross Site Scripting (XSS) vulnerability. To address this, Mahara will discard invalid UTF-8 characters, NULL characters, and invalid Unicode characters. Additionally, Mahara will avoid direct usage of `$ GET` and `$ POST` where possible, instead opting for `param exists()` and the correct `param *()` function to fetch the expected value. Recommendations: For Mahara versions 16.10 through 16.10.6, update to version 16.10.7 or later. For Mahara versions 17.04 through 17.04.4, update to version 17.04.5 or later. For Mahara versions 17.10 through 17.10.1, update to version 17.10.2 or later.

**Name of the Vulnerable Software and Affected Versions** Mahara versions 1.8 through 1.8.6 Mahara versions 1.9 through 1.9.4 Mahara versions 1.10 through 1.10.2 Mahara versions 15.04 through 15.04.0 **Description** The issue allows users to delete their submitted pages through URL manipulation. **Recommendations** For Mahara versions 1.8 through 1.8.6, update to version 1.8.7 or later. For Mahara versions 1.9 through 1.9.4, update to version 1.9.5 or later. For Mahara versions 1.10 through 1.10.2, update to version 1.10.3 or later. For Mahara versions 15.04 through 15.04.0, update to a version later than 15.04.0.

**Name of the Vulnerable Software and Affected Versions** Mahara versions prior to 15.04.14 Mahara versions 16.x prior to 16.04.8 Mahara versions 16.10.x prior to 16.10.5 Mahara versions 17.x prior to 17.04.3 **Description** An issue allows unauthorized access to a user's account if the browser is closed without logging out of Mahara. The value in the `usr session` table remains, and an attacker can exploit this by adjusting the `mahara` cookie to the old value, thus gaining access to the user's account. **Recommendations** For Mahara versions prior to 15.04.14, update to version 15.04.14 or later. For Mahara versions 16.x prior to 16.04.8, update to version 16.04.8 or later. For Mahara versions 16.10.x prior to 16.10.5, update to version 16.10.5 or later. For Mahara versions 17.x prior to 17.04.3, update to version 17.04.3 or later.