An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in person.
Metrics
Affected Vendors & Products
References
History
Mon, 25 Aug 2025 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mahara
Mahara mahara |
|
Vendors & Products |
Mahara
Mahara mahara |
Mon, 25 Aug 2025 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Mon, 25 Aug 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in person. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-08-25T20:38:16.248Z
Reserved: 2024-07-03T00:00:00.000Z
Link: CVE-2024-39923

Updated: 2025-08-25T20:38:10.809Z

Status : Awaiting Analysis
Published: 2025-08-25T14:15:29.937
Modified: 2025-08-25T21:15:35.620
Link: CVE-2024-39923

No data.

Updated: 2025-08-25T21:53:01Z