CVE-2025-61872 | Mahara up to 24.04.10/25.04.1 Elasticsearch7 Search Plugin Elasticsearch Query cross site scripting

Inserito da Angelo Barbosa | Apr 24, 2026 | CVE

A vulnerability categorized as problematic has been discovered in Mahara up to 24.04.10/25.04.1. This impacts the function Elasticsearch of the component Elasticsearch7 Search Plugin. The manipulation of the argument Query results in cross site scripting.

This vulnerability is identified as CVE-2025-61872. The attack can be executed remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2025-61872 | Mahara up to 24.04.10/25.04.1 Elasticsearch7 Search Plugin Elasticsearch Query cross site scripting

Post correlati

CVE-2024-57948 | Linux Kernel up to 5.15.176/6.1.126/6.6.73/6.12.10 Network Interface lib/list_debug.c ieee802154_if_remove use after free

CVE-2025-47726 | Delta Electronics CNCSoft File out-of-bounds write (PCSA-2025-00006)

CVE-2025-4276 | Insyde H2O UsbCoreDxe input validation

CVE-2024-1315 | Classified Listing Plugin up to 3.0.4 on WordPress rtcl_update_user_account cross-site request forgery