Description

Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is included in releases 25.2 and 23.5. As a workaround, one can check the SAKAI_SITE_GROUP table for titles and descriptions that contain this info.

INFO

Published Date :

2026-03-26T16:45:59.734Z

Last Modified :

2026-03-26T18:49:31.777Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-33402 vulnerability.

Vendors Products
Sakaiproject
  • Sakai
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33402.

URL Resource
https://github.com/sakaiproject/sakai/security/advisories/GHSA-6g62-3898-hpvm cve-icon cve-icon
https://sakaiproject.atlassian.net/browse/SAK-52311 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability