Sakai
Monthly
Sakai Collaboration and Learning Environment versions 23.0-23.4 and 25.0-25.1 fail to sanitize group titles and descriptions, permitting stored cross-site scripting (XSS) attacks that execute in the browsers of users viewing affected group metadata. Authenticated users with group creation or modification privileges can inject malicious scripts that persist in the SAKAI_SITE_GROUP table and execute when other users access group information, compromising session security and enabling credential theft or unauthorized actions within the Sakai environment. Vendor-released patches are available in versions 23.5 and 25.2; no active exploitation has been reported, but the low CVSS score (1.3) reflects minimal baseline impact rather than true severity, given the requirement for user interaction (UI:P) and limited scope of harm (SC:L, SI:L) as documented in the CVSS:4.0 vector.
Sakai is a Collaboration and Learning Environment. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Sakai through 12.6 allows XSS via a chat user name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Sakai Collaboration and Learning Environment versions 23.0-23.4 and 25.0-25.1 fail to sanitize group titles and descriptions, permitting stored cross-site scripting (XSS) attacks that execute in the browsers of users viewing affected group metadata. Authenticated users with group creation or modification privileges can inject malicious scripts that persist in the SAKAI_SITE_GROUP table and execute when other users access group information, compromising session security and enabling credential theft or unauthorized actions within the Sakai environment. Vendor-released patches are available in versions 23.5 and 25.2; no active exploitation has been reported, but the low CVSS score (1.3) reflects minimal baseline impact rather than true severity, given the requirement for user interaction (UI:P) and limited scope of harm (SC:L, SI:L) as documented in the CVSS:4.0 vector.
Sakai is a Collaboration and Learning Environment. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Sakai through 12.6 allows XSS via a chat user name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.