PT-2025-34609 · Mahara · Mahara
Published 2025-08-25 · Updated 2025-08-25
CVE-2024-39923
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Mahara versions 23.04 through 23.04.7
Mahara versions 24.04 through 24.04.2
Description:
An issue exists in Mahara where the About, Contact, and Help footer links are susceptible to Cross-Site Scripting (XSS) due to insufficient input sanitization. These links are configurable by administrators but are accessible to any authenticated user.
Recommendations:
Update to Mahara version 23.04.7 or later.
Update to Mahara version 24.04.2 or later.
Fix
XSS
Affected Products
Mahara