Stored XSS Vulnerability in Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 with Embedly CSS Class

Stored XSS Vulnerability in Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 with Embedly CSS Class

CVE-2022-29584 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.

Learn more about our Web Application Penetration Testing UK.