CVE-2018-11195
MEDIUM
Mahara 17.04.0-17.04.7, 17.10.0-17.10.4, 18.04.0 - Sensitive Information Exposure via Browser Back/Refresh
Title source: llm
Description
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara credentials.
References (2)
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://bugs.launchpad.net/mahara/+bug/1770561
Vendor Advisory x_refsource_confirm
https://mahara.org/interaction/forum/topic.php?id=8269
Scores
CVSS v3
6.8
EPSS
0.0052
EPSS Percentile
40.4%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
Status
published
Products (2)
mahara/mahara
18.04.0
mahara/mahara
17.04.0 - 17.04.8
Published
Jun 01, 2018
Tracked Since
Feb 18, 2026