An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in person.
History

Mon, 25 Aug 2025 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Mahara
Mahara mahara
Vendors & Products Mahara
Mahara mahara

Mon, 25 Aug 2025 21:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 25 Aug 2025 13:45:00 +0000

Type Values Removed Values Added
Description An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in person.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-08-25T20:38:16.248Z

Reserved: 2024-07-03T00:00:00.000Z

Link: CVE-2024-39923

cve-icon Vulnrichment

Updated: 2025-08-25T20:38:10.809Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-25T14:15:29.937

Modified: 2025-08-25T21:15:35.620

Link: CVE-2024-39923

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-25T21:53:01Z