Maximilian Zingerle, BSc

CVE-2024-56882 NOMISEC MEDIUM WRITEUP

Sage DPW <2024_12_000 - XSS

Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with the modified data elements.

CVSS 5.4

View Code

CVE-2024-56883 NOMISEC HIGH WRITEUP

Sage DPW <2024_12_001 - Incorrect Access Control

Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other employees, even though they do not have the option to do so in the user interface. To do this, a valid request to create a course simply needs to be modified, so that the current user ID in the "id" parameter is replaced with the ID of another user.

CVSS 8.1

View Code