Description Sakai through 12.6 allows XSS via a chat user name. Remediation References https://github.com/sakaiproject/sakai/pull/6971 Related Vulnerabilities CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-parent CVE-2020-28450 Vulnerability in npm package decal CVE-2019-16763 Vulnerability in maven package org.webjars.npm:pannellum CVE-2021-31403 Vulnerability in maven package com.vaadin:vaadin-server CVE-2022-22143 Vulnerability in npm package convict Severity High Classification CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Patch Third Party Advisory