CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-33402

Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is included in releases 25.2 and 23.5. As a workaround, one can check the SAKAI_SITE_GROUP table for titles and descriptions that contain this info.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.5%

CVSS Severity

CVSS v3 Score 6.1

References

https://github.com/sakaiproject/sakai/security/advisories/GHSA-6g62-3898-hpvm
https://sakaiproject.atlassian.net/browse/SAK-52311

Products affected by CVE-2026-33402

Sakailms » Sakai » Version: 23.0

cpe:2.3:a:sakailms:sakai:23.0
Sakailms » Sakai » Version: 23.1

cpe:2.3:a:sakailms:sakai:23.1
Sakailms » Sakai » Version: 23.2

cpe:2.3:a:sakailms:sakai:23.2
Sakailms » Sakai » Version: 23.3

cpe:2.3:a:sakailms:sakai:23.3
Sakailms » Sakai » Version: 23.4

cpe:2.3:a:sakailms:sakai:23.4
Sakailms » Sakai » Version: 25.0

cpe:2.3:a:sakailms:sakai:25.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-33402

Products

Pricing

Contact Us