The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog (sub-category) can enter unfiltered input in the name field. In addition, attackers who are allowed to create curriculums can also enter unfiltered input in the name field. This allows an attacker to execute stored JavaScript code with the permissions of the victim in the context of the user's browser.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: SEC-VLab
Published: 2024-02-20T08:00:37.226Z
Updated: 2024-08-01T23:52:06.478Z
Reserved: 2024-02-13T09:28:28.809Z
Link: CVE-2024-25973
Vulnrichment
Updated: 2024-08-01T23:52:06.478Z
NVD
Status : Awaiting Analysis
Published: 2024-02-20T08:15:07.717
Modified: 2024-02-21T07:15:58.040
Link: CVE-2024-25973
Redhat
No data.