Ngson2000

**Name of the Vulnerable Software and Affected Versions** Mahara versions prior to 1.10.0 Mahara versions 15.04 before 15.04.0 **Description** The issue allows for possible cross-site scripting when dragging and dropping files into a collection if the file has Javascript code in its title. **Recommendations** For Mahara versions prior to 1.10.0, update to version 1.10.0 or later. For Mahara versions 15.04 before 15.04.0, update to version 15.04.0 or later.

**Name of the Vulnerable Software and Affected Versions** Mahara versions 15.04 through 15.04.7 Mahara versions 15.10 through 15.10.3 Mahara versions 16.04 through 16.04.1 **Description** The issue allows for PHP code execution. It occurs because Mahara passes portions of the XML through the PHP `unserialize()` function when importing a skin from an XML file. **Recommendations** For Mahara versions 15.04 through 15.04.7, update to version 15.04.8 or later. For Mahara versions 15.10 through 15.10.3, update to version 15.10.4 or later. For Mahara versions 16.04 through 16.04.1, update to version 16.04.2 or later.