CVE-2026-33402
SAK-52311: Sakai site-manage group titles can contain XSS content
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is included in releases 25.2 and 23.5. As a workaround, one can check the SAKAI_SITE_GROUP table for titles and descriptions that contain this info.
| CWE | CWE-79 |
| Vendor | sakaiproject |
| Product | sakai |
| Published | Mar 26, 2026 |
| Last Updated | Mar 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for sakaiproject sakai
Be the first to know when new unknown vulnerabilities affecting sakaiproject sakai are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
sakaiproject / sakai
>= 23.0, < 23.5 >= 25.0, < 25.2