Sakai Cross-Site Scripting Vulnerability in Group Management

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Sakai versions 23.0 through 23.4 and 25.0 through 25.1. The issue arises in the group management feature, where group titles and descriptions can be manipulated to include XSS payloads. This vulnerability has been addressed in Sakai releases 25.2 and 23.5. As a temporary measure, users can inspect the SAKAI_SITE_GROUP table for any titles or descriptions that may contain XSS scripts.

Impact

Successful exploitation results in cross-site scripting: an attacker can inject malicious scripts that execute in the context of a user's browser.

Remediation

Update to Sakai 25.2 or 23.5, where this vulnerability has been patched. For those unable to update immediately, a workaround is to check the SAKAI_SITE_GROUP table for titles and descriptions that contain XSS payloads.
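
One way to run the table inspection described above, as an added example that is not part of the original advisory or Sakai's own code: it flags group titles and descriptions that contain HTML tags, inline event-handler attributes or javascript: URLs, including entity-encoded forms. The column names GROUP_ID, SITE_ID, TITLE and DESCRIPTION are assumptions, the rows are constructed, and an in-memory SQLite table stands in for the production database.

```python
import html
import re
import sqlite3

# Group titles/descriptions are expected to be plain text, so any hit on these
# heuristic markers of active HTML content deserves manual review.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-z][^>]*>"   # any HTML tag, opening or closing
    r"|\bon[a-z]+\s*="        # inline event-handler attribute
    r"|javascript\s*:",       # javascript: URL scheme
    re.IGNORECASE,
)
# Column names are assumed; adjust to the schema of your deployment.
QUERY = "SELECT GROUP_ID, SITE_ID, TITLE, DESCRIPTION FROM SAKAI_SITE_GROUP ORDER BY GROUP_ID"

def is_suspicious(value):
    """True if a stored value contains markup, raw or after entity decoding."""
    if not value:
        return False
    return bool(SUSPICIOUS.search(value) or SUSPICIOUS.search(html.unescape(value)))

def find_suspicious_groups(conn):
    """Return (group_id, site_id, column) for every flagged title/description."""
    hits = []
    for group_id, site_id, title, description in conn.execute(QUERY):
        for column, value in (("TITLE", title), ("DESCRIPTION", description)):
            if is_suspicious(value):
                hits.append((group_id, site_id, column))
    return hits

def build_sample_db():
    """Constructed sample rows in an in-memory SQLite stand-in for the real DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE SAKAI_SITE_GROUP (GROUP_ID, SITE_ID, TITLE, DESCRIPTION)")
    conn.executemany(
        "INSERT INTO SAKAI_SITE_GROUP VALUES (?, ?, ?, ?)",
        [
            ("g1", "site-a", "Lab Section 1", "Tuesday lab, room 204"),
            ("g2", "site-a", "<script>alert(1)</script>", None),
            ("g3", "site-b", "Project Team", "<IMG SRC=x OnError=alert(1)>"),
            ("g4", "site-b", "Readers", "&lt;script&gt;alert(1)&lt;/script&gt;"),
            ("g5", "site-c", "Group A < Group B", "3 > 2, plain text"),
        ],
    )
    return conn

if __name__ == "__main__":
    for hit in find_suspicious_groups(build_sample_db()):
        print(hit)
```

The pattern is a triage heuristic: a lone `<` or `>` in ordinary text is not flagged, and every flagged row still needs a human decision before it is cleaned or removed.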

Added: Mar 26, 2026, 5:39 PM
Updated: Mar 26, 2026, 5:39 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 5.0
remediation: 0.0
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.