Security Advisory

CVE-2025-61872

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2026-04-24 00:00:00
Last updated: 2026-04-24 15:03:27
Assigner: mitre
State: PUBLISHED

Description

Mahara versions before 25.04.2 and 24.04.11 are vulnerable to cross-site scripting (XSS): a malicious search query string can cause the displayed search results to trigger XSS. This occurs in the site search feature when the Elasticsearch7 search plugin is in use. The Elasticsearch function does not properly sanitize input in the query parameter.