Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.Referenceshttps://bugs.launchpad.net/mahara/+bug/1968920https://mahara.org/interaction/forum/topic.php?id=9095
