61 matches found
CVE-2026-33402
Sakai is a Collaboration and Learning Environment CLE. In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is included in releases 25.2 and 23.5. As a workaround, one can check the SAKAISITEGROUP table for titles an...
CVE-2026-33402
Sakai is a Collaboration and Learning Environment CLE. In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is included in releases 25.2 and 23.5. As a workaround, one can check the SAKAISITEGROUP table for titles an...
CVE-2026-33402
Sakai (CLE) vulnerability CVE-2026-33402 affects versions 23.0–23.4 and 25.0–25.1, where group titles and descriptions can contain cross-site scripting scripts. The fix is included in releases 23.5 and 25.2. As a workaround, verify the SAKAI_SITE_GROUP table for titles/descriptions that may conta...
EUVD-2026-16256
Sakai is a Collaboration and Learning Environment CLE. In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is included in releases 25.2 and 23.5. As a workaround, one can check the SAKAISITEGROUP table for titles an...
CVE-2026-33402 SAK-52311: Sakai site-manage group titles can contain XSS content
Sakai is a Collaboration and Learning Environment CLE. In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is included in releases 25.2 and 23.5. As a workaround, one can check the SAKAISITEGROUP table for titles an...
CVE-2026-33402
Sakai is a Collaboration and Learning Environment CLE. In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is included in releases 25.2 and 23.5. As a workaround, one can check the SAKAISITEGROUP table for titles an...
CVE-2026-33402 SAK-52311: Sakai site-manage group titles can contain XSS content
Sakai is a Collaboration and Learning Environment CLE. In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is included in releases 25.2 and 23.5. As a workaround, one can check the SAKAISITEGROUP table for titles an...
PT-2026-28480
Name of the Vulnerable Software and Affected Versions Sakai versions 23.0 through 23.4 Sakai versions 25.0 through 25.1 Description Sakai is a Collaboration and Learning Environment CLE. Group titles and descriptions can contain cross-site scripting scripts. The issue affects versions 23.0 throug...
Sakai 跨站脚本漏洞
Sakai is an open-source technology solution provided free of charge by Apereo Sakai, featuring rich functionality for learning, teaching, research, and collaboration. Versions of Sakai prior to 23.4 and 25.1 prior to 25.1 contain a cross-site scripting vulnerability. This vulnerability stems from...
Predictable Random Number Generator (PRNG)
org.sakaiproject.kernel, sakai-kernel-impl is vulnerable to Use of a Predictable Random Number Generator PRNG. The vulnerability is due to the use of java.util.Random, a non-cryptographic PRNG, for initializing the AES256TextEncryptor password, which allows an attacker to predict the encryption k...
CVE-2025-62710
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...
CVE-2025-62710
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...
org.sakaiproject.kernel:sakai-kernel-component (>=1.3.0 <=10.7) potentially affected by CVE-2025-62710 via org.sakaiproject.kernel:sakai-kernel-impl (>=10.3 <=1.3.3)
org.sakaiproject.kernel:sakai-kernel-impl MAVEN version =10.3, =1.3.0, =10.7 Source cves: CVE-2025-62710 Source advisory: SNYK:JAVA-ORGSAKAIPROJECTKERNEL-13669871...
org.sakaiproject.scheduler:scheduler-assembly (>=2.9.0 <=2.9.3), org.sakaiproject.scheduler:scheduler-test-component-shared (>=2.9.0 <=23.3) +2 more potentially affected by CVE-2025-62710 via org.sakaiproject.scheduler:scheduler-component-shared (>=10.3 <=2.9.3)
org.sakaiproject.scheduler:scheduler-component-shared MAVEN version =10.3, =2.9.0, =2.9.0, =2.9.0, =2.3.0, =11.4 Source cves: CVE-2025-62710 Source advisory: SNYK:JAVA-ORGSAKAIPROJECTSCHEDULER-13669872...
CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...
EUVD-2025-35634
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...
CVE-2025-62710
CVE-2025-62710 affects Sakai (Sakai kernel-impl) where EncryptionUtilityServiceImpl initializes an AES-256 text encryptor password (serverSecretKey) with RandomStringUtils backed by java.util.Random. The non-cryptographic PRNG can be predicted from limited state/seed information, reducing the sea...
CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...
CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...
Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Impact EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information e.g., start time window, substantially...