CVE-2024-25974

20.02.2024, 08:15

The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.4 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
SEC-VLab	CNA	---				---
CISA-ADP	ADP	5.4 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 38%

Vendor	Product	Version
frentix	openolat	𝑥 < 18.1.6

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

References

http://seclists.org/fulldisclosure/2024/Feb/23

https://r.sec-consult.com/openolat

http://seclists.org/fulldisclosure/2024/Feb/23

https://r.sec-consult.com/openolat