Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistSEC-VLabCVELIST:CVE-2024-25974
HistoryFeb 20, 2024 - 8:02 a.m.

CVE-2024-25974 Stored Cross-Site Scripting (XSS) within the Media Center

2024-02-2008:02:44
CWE-20
SEC-VLab
www.cve.org
openolat
lms
cve-2024-25974
stored xss
media center
frentix gmbh
openolat version 18.1.5
svg
javascript
file upload
vulnerability

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.Β It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.Β After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenOlat LMS",
    "vendor": "Frentix GmbH",
    "versions": [
      {
        "lessThanOrEqual": "18.1.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
nvd 1
cve 1
zdt 1
packetstorm 1
prion
prion
Cross site scripting
2024-02-20 08:15:00
nvd
nvd
CVE-2024-25974
2024-02-20 08:15:07
cve
cve
CVE-2024-25974
2024-02-20 08:15:07
zdt
zdt
OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation Vulnerabilities
2024-02-21 00:00:00
packetstorm
packetstorm
OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation
2024-02-21 00:00:00

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON
Related for CVELIST:CVE-2024-25974
prion1nvd1cve1zdt1packetstorm1