Mahara Cross-Site Scripting Vulnerability in Footer Links

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Mahara versions 24.04 prior to 24.04.2 and 23.04 prior to 23.04.7. The issue arises because the About, Contact, and Help footer links can be customized by administrators, and the supplied values are not properly sanitized before they are rendered, allowing malicious scripts to be injected into the footer. Although only administrators can configure these links, the links are shown to everyone, so any logged-in user who clicks one may execute the embedded JavaScript.
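As an added illustration (this is not Mahara's code and not the vendor's fix), the following Python contrasts the vulnerable pattern the advisory describes, an admin-supplied label and href concatenated straight into the footer markup, with a hardened renderer that allowlists URL schemes and HTML-escapes both values. The function names, the ALLOWED_SCHEMES set and the sample footer configuration are assumptions constructed for this example.

```python
"""Footer-link rendering: vulnerable pattern beside a hardened one.

Added example, not Mahara's code. Names and the sample configuration
below are assumptions made for illustration.
"""
import html
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Assumption: footer links may only point to web pages or e-mail addresses.
ALLOWED_SCHEMES = {"http", "https", "mailto"}


def render_link_unsafe(label: str, href: str) -> str:
    """Vulnerable pattern: admin-controlled values go into markup verbatim.

    A stored href of javascript:... or a label containing <script> is
    emitted unchanged and runs in every visitor's browser.
    """
    return f'<a href="{href}">{label}</a>'


def safe_href(href: str) -> Optional[str]:
    """Return href if it is a same-site relative path or uses an allowed
    scheme, otherwise None.

    urlsplit() lowercases the scheme, so JaVaScRiPt: is caught too.
    Control characters are rejected first because browsers strip them
    when parsing ("java\\tscript:" would otherwise slip through).
    """
    href = href.strip()
    if any(ord(c) < 0x20 for c in href):
        return None
    parts = urlsplit(href)
    if parts.scheme == "":
        # Relative URL. "//evil.example" is scheme-relative and would
        # leave the site, so treat it as an absolute URL and reject it.
        if href.startswith("//"):
            return None
        return href
    if parts.scheme in ALLOWED_SCHEMES:
        return href
    return None


def render_link_safe(label: str, href: str) -> str:
    """Hardened renderer: validate the scheme, then escape for HTML.

    A rejected href falls back to "#" here so the page still renders;
    in a real application the value should be refused when the
    administrator saves it.
    """
    checked = safe_href(href)
    if checked is None:
        checked = "#"
    return (
        f'<a href="{html.escape(checked, quote=True)}">'
        f"{html.escape(label)}</a>"
    )


def audit_footer_links(links: Dict[str, str]) -> List[str]:
    """Return the names of stored footer links whose href would be rejected.

    Useful as a one-off check of existing configuration after an upgrade,
    since a fix to the input path does not clean values saved earlier.
    """
    return [name for name, href in links.items() if safe_href(href) is None]


# Constructed sample configuration (not real Mahara data): one link has
# been tampered with to carry a javascript: URL.
SAMPLE_FOOTER_LINKS = {
    "about": "/about",
    "contact": "javascript:alert(document.cookie)",
    "help": "https://mahara.org/help",
}


if __name__ == "__main__":
    print(render_link_unsafe("Contact", SAMPLE_FOOTER_LINKS["contact"]))
    print(render_link_safe("Contact", SAMPLE_FOOTER_LINKS["contact"]))
    print(render_link_safe("</a><script>alert(1)</script>", "/help"))
    print("links needing review:", audit_footer_links(SAMPLE_FOOTER_LINKS))
```

Escaping alone would not be enough: `html.escape` leaves `javascript:alert(1)` intact inside the attribute, which is why the scheme allowlist runs first, and the allowlist alone would not stop a label that closes the tag, which is why the label is escaped as well.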

Impact

Successful exploitation results in cross-site scripting: the injected script runs in the affected user's browser within the context of the Mahara site, and therefore with that user's logged-in session.

Remediation

Administrators are advised to update Mahara to version 24.04.2, 23.04.7, or the latest maintenance release of their current series. Mahara releases can be downloaded from the Mahara website or obtained via a subscription.

Added: Aug 25, 2025, 2:44 PM
Updated: Aug 25, 2025, 2:44 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 1.7
exploitability: 5.0
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.