Unrated severityNVD Advisory· Published Aug 25, 2025· Updated Aug 25, 2025

CVE-2024-39923

Description

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in person.

Affected products

Mahara/Maharadescription
Mahara (software)/Maharallm-fuzzy
Range: >= 23.04, < 23.04.7 || >= 24.04, < 24.04.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

mahara.org/interaction/forum/topic.phpmitre
mahara.org/interaction/forum/view.phpmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000