PT-2025-41298 · Opencast+1

Miesgre · Published 2025-10-08 · Updated 2025-10-10 · CVE-2025-61788

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Opencast versions prior to 17.8
Opencast versions prior to 18.2

Description

Opencast is a platform for managing educational audio and video content. Prior to versions 17.8 and 18.2, the paella component included and rendered user inputs, such as title and description metadata, without proper filtering. This allows attackers with write access to inject malicious HTML and JavaScript into the player, which can then be executed in the browsers of users viewing the media. This could potentially be used to modify the site or perform actions on behalf of logged-in users. The attack requires write access to the system, such as the ability to upload media and modify metadata, and cannot be exploited by unauthenticated users.

Recommendations

Update Opencast to version 17.8 or later.
Update Opencast to version 18.2 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-61788
GHSA-M2VG-RMQ6-P62R

Affected Products

Opencast
Paella