Description Sakai through 12.6 allows XSS via a chat user name. Remediation References https://github.com/sakaiproject/sakai/pull/6971 Related Vulnerabilities CVE-2021-42340 Vulnerability in maven package org.apache.tomcat:tomcat-websocket CVE-2020-28500 Vulnerability in npm package lodash CVE-2023-29519 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui CVE-2022-0624 Vulnerability in npm package parse-path CVE-2023-26487 Vulnerability in npm package vega-functions Severity High Classification CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Patch Third Party Advisory