Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Aug 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Wed, 27 Aug 2025 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mahara
Mahara mahara |
|
Vendors & Products |
Mahara
Mahara mahara |
Tue, 26 Aug 2025 20:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-08-27T14:00:55.395Z
Reserved: 2024-05-12T00:00:00.000Z
Link: CVE-2024-35203

Updated: 2025-08-27T14:00:49.852Z

Status : Awaiting Analysis
Published: 2025-08-26T21:15:47.060
Modified: 2025-08-29T16:22:31.970
Link: CVE-2024-35203

No data.

Updated: 2025-08-27T11:21:29Z