CVE-2024-25974

CVSS V2: None
CVSS V3: None
Description
The Frentix GmbH OpenOlat LMS is affected by a stored Cross-Site Scripting (XSS) vulnerability. An authenticated user without any other rights can upload files within the Media Center of OpenOlat version 18.1.5 (or lower). Although the file types are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload, the file can be shared with groups of users (including admins), who can then be attacked with the JavaScript payload.
Overview
  • CVE ID: CVE-2024-25974
  • Assigner: SEC-VLab
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-02-20T08:02:44.251Z
  • Last Modified Date: 2024-02-20T08:02:44.251Z
References
History
Created | Old Value | New Value | Data Type | Notes
2024-06-26 13:09:46 | | | | Added to TrackCVE