PT-2026-28480 · Sakai · Sakai
Published
2026-03-26
·
Updated
2026-03-27
·
CVE-2026-33402
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Sakai versions 23.0 through 23.4
Sakai versions 25.0 through 25.1
Description
Sakai is a Collaboration and Learning Environment (CLE). Group titles and descriptions can contain cross-site scripting scripts. The issue affects versions 23.0 through 23.4 and 25.0 through 25.1. As a workaround, the
SAKAI SITE GROUP table can be checked for titles and descriptions containing malicious scripts.Recommendations
Update to Sakai version 23.5 or later.
Update to Sakai version 25.2 or later.
As a workaround, check the
SAKAI SITE GROUP table for titles and descriptions that contain potentially malicious scripts.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sakai