Medium severity 6.1 · NVD Advisory · Published Apr 24, 2026 · Updated Apr 24, 2026
CVE-2025-61872
Description
Mahara before 25.04.2 and before 24.04.11 is vulnerable to XSS: displaying the results of a malicious search query string can trigger script execution. This occurs in the 'search site' feature when the Elasticsearch7 search plugin is in use. The Elasticsearch function does not properly sanitize input in the query parameter.
Affected products
- Range: before 25.04.2 and before 24.04.11