Description Sakai through 12.6 allows XSS via a chat user name. Remediation References https://github.com/sakaiproject/sakai/pull/6971 Related Vulnerabilities CVE-2020-7597 Vulnerability in npm package codecov CVE-2020-15152 Vulnerability in npm package ftp-srv CVE-2018-11039 Vulnerability in maven package org.springframework:spring-web CVE-2019-0233 Vulnerability in maven package org.apache.struts:struts2-core CVE-2023-25572 Vulnerability in npm package react-admin Severity High Classification CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Patch Third Party Advisory