CVE-2024-39923

Medium CVSS: 6.1

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in person.

Vendor

Mahara

Product

Mahara

CWE

CWE-79

Yayın Tarihi

2025-08-25 14:15:29

Güncelleme

2025-09-05 17:04:45

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Mahara MEDIUM Mahara 2025

Referanslar

https://mahara.org/interaction/forum/topic.php?id=9546 https://mahara.org/interaction/forum/view.php?id=43

Benzer Kayıtlar

Medium

CVE-2024-35203

Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part o…

Medium

CVE-2024-47192

An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker…

Critical

CVE-2024-39335

Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed…

High

CVE-2025-29992

Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the data…

High

CVE-2024-47853

An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases w…

Medium

CVE-2024-45753

In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value…