Vulnerability in N/a

CVE-2025-61872

Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search site' feature when using the Elasticsearch7 search plugin. The Elasticsearch funct…

EPSS: 0.000 (10.5th percentile) — read the EPSS interpretation.

Affected products

  • N/a — versions n/a

References