Description

Sakai through 12.6 allows XSS via a chat user name.

Remediation

References

https://github.com/sakaiproject/sakai/pull/6971

Related Vulnerabilities

CVE-2022-40955 Vulnerability in maven package org.apache.inlong:sort-connector-jdbc

CVE-2016-0779 Vulnerability in maven package org.apache.tomee:arquillian-tomee-embedded

CVE-2015-6748 Vulnerability in maven package org.jsoup:jsoup

CVE-2022-39366 Vulnerability in maven package io.acryl:datahub-client

CVE-2022-25873 Vulnerability in maven package org.webjars.bowergithub.vuetifyjs:vuetify

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Patch Third Party Advisory