Cross-Site Scripting Vulnerability in Mahara by Mahara.Org
CVE-2024-45753

6.1MEDIUM

Key Information:

Vendor: Mahara.Org
Status: Mahara
Vendor: CVE Published:; 26 August 2025

What is CVE-2024-45753?

A vulnerability affecting Mahara versions 23.04.8 and 24.04.4 allows for Cross-Site Scripting (XSS) through the external RSS feed block. If an RSS feed contains a malicious link attribute, it can exploit the system, leading to unauthorized access or actions by users. This poses a significant threat, particularly in environments where user input is not properly sanitized.

References

https://mahara.org

https://mahara.org/interaction/forum/topic.php?id=9594

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2025
Vulnerability Reserved
Sep 6, 2024