PT-2026-34881 · Elastic+1 · Elasticsearch7+1
Published: 2026-04-24 · Updated: 2026-04-25 · CVE-2025-61872
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Mahara versions prior to 25.04.2
Mahara versions prior to 24.04.11
Description
The 'search site' feature, when utilizing the Elasticsearch7 search plugin, allows for Cross-Site Scripting (XSS), a flaw where malicious scripts are injected into trusted websites, due to improper sanitization of input in the query parameter.
Recommendations
Update to version 25.04.2 or later.
Update to version 24.04.11 or later.
As a temporary workaround, restrict the use of the Elasticsearch7 search plugin.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Elasticsearch7
Mahara