CVE-2025-61872 | Mahara up to 24.04.10/25.04.1 Elasticsearch7 Search Plugin Elasticsearch Query cross site scripting

Inserito da Angelo Barbosa | Apr 24, 2026 | CVE

A vulnerability categorized as problematic has been discovered in Mahara up to 24.04.10/25.04.1. This impacts the function Elasticsearch of the component Elasticsearch7 Search Plugin. The manipulation of the argument Query results in cross site scripting.

This vulnerability is identified as CVE-2025-61872. The attack can be executed remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2025-61872 | Mahara up to 24.04.10/25.04.1 Elasticsearch7 Search Plugin Elasticsearch Query cross site scripting

Post correlati

CVE-2021-27702 | Sercomm Router Etisalat Model S3 AC2100 Diagnostic Utility access control

CVE-2024-47315 | GiveWP Plugin up to 3.15.1 on WordPress cross-site request forgery

CVE-2024-37233 | Play.ht Plugin up to 3.6.4 on WordPress improper authentication

CVE-2024-7346 | Progress OpenEdge up to 11.7.19/12.2.14 TLS certificate validation