Skip to main content

Sakai

3 CVEs product

Monthly

CVE-2026-33402 LOW PATCH Monitor

Sakai Collaboration and Learning Environment versions 23.0-23.4 and 25.0-25.1 fail to sanitize group titles and descriptions, permitting stored cross-site scripting (XSS) attacks that execute in the browsers of users viewing affected group metadata. Authenticated users with group creation or modification privileges can inject malicious scripts that persist in the SAKAI_SITE_GROUP table and execute when other users access group information, compromising session security and enabling credential theft or unauthorized actions within the Sakai environment. Vendor-released patches are available in versions 23.5 and 25.2; no active exploitation has been reported, but the low CVSS score (1.3) reflects minimal baseline impact rather than true severity, given the requirement for user interaction (UI:P) and limited scope of harm (SC:L, SI:L) as documented in the CVSS:4.0 vector.

XSS Sakai
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2024-47876 Maven HIGH PATCH This Week

Sakai is a Collaboration and Learning Environment. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Sakai
NVD GitHub
CVSS 4.0
8.7
EPSS
0.6%
CVE-2019-16148 Maven MEDIUM PATCH This Month

Sakai through 12.6 allows XSS via a chat user name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sakai
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
EPSS 0% CVSS 1.3
LOW PATCH Monitor

Sakai Collaboration and Learning Environment versions 23.0-23.4 and 25.0-25.1 fail to sanitize group titles and descriptions, permitting stored cross-site scripting (XSS) attacks that execute in the browsers of users viewing affected group metadata. Authenticated users with group creation or modification privileges can inject malicious scripts that persist in the SAKAI_SITE_GROUP table and execute when other users access group information, compromising session security and enabling credential theft or unauthorized actions within the Sakai environment. Vendor-released patches are available in versions 23.5 and 25.2; no active exploitation has been reported, but the low CVSS score (1.3) reflects minimal baseline impact rather than true severity, given the requirement for user interaction (UI:P) and limited scope of harm (SC:L, SI:L) as documented in the CVSS:4.0 vector.

XSS Sakai
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH PATCH This Week

Sakai is a Collaboration and Learning Environment. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Sakai
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Sakai through 12.6 allows XSS via a chat user name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sakai
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy