CNNVD-202508-3060 Information

CNNVD ID

CNNVD-202508-3060

Related CVE

CVE-2024-35203

• CNNVD Published: 2025-08-26

Description (Chinese)

Mahara是Mahara的一个基于Web的免费开源电子档案袋管理系统。 Mahara 22.10.6之前版本、23.04.6之前版本和24.04.1之前版本存在安全漏洞，该漏洞源于上传文件名包含恶意JavaScript代码，可能导致跨站脚本攻击。

Description (English)

Mahara is a free, open-source electronic archive bag management system based on Web in Mahara. 22.10.6 There is a security loophole in the previous version of Mahara, the previous version of 23.04.6 and the previous version of 24.04.1, which stems from the malicious JavaScript code contained in the uploading name, which could lead to a cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Mahara

Published

2025-08-26

Last Modified

2026-02-24

References

https://mahara.org/interaction/forum/topic.php?id=9519 https://git.mahara.org/catalyst-security/mahara-security/-/merge_requests/6 https://nvd.nist.gov/vuln/detail/CVE-2024-35203

Patch

https://mahara.org/