The Frentix GmbH OpenOlat LMS is affected by a stored Cross-Site Scripting (XSS) vulnerability. An authenticated user without any other rights can upload files within the Media Center of OpenOlat version 18.1.5 (or lower). Although the file types are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload, the file can be shared with groups of users (including admins), who can then be attacked with the JavaScript payload.
MITRE
Status: PUBLISHED
Assigner: SEC-VLab
Published: 2024-02-20T08:02:44.251Z
Updated: 2024-08-01T23:52:06.435Z
Reserved: 2024-02-13T09:28:28.809Z
Link: CVE-2024-25974
Vulnrichment
Updated: 2024-08-01T23:52:06.435Z
NVD
Status: Awaiting Analysis
Published: 2024-02-20T08:15:07.823
Modified: 2024-08-01T13:47:57.737
Link: CVE-2024-25974