← back
CVE-2024-39923

CVE-2024-39923

CVSS 6.1 MEDIUMEPSS 0.2%CWE-79
An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in person.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://mahara.org/interaction/forum/topic.php?id=9546https://mahara.org/interaction/forum/view.php?id=43