CVE-2024-25974
MEDIUMOpenOlat < 18.1.6 - Authenticated Stored Cross-Site Scripting via SVG Upload
Title source: llmDescription
The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.
References (2)
Core 2
Core References
Exploit, Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2024/Feb/23
Exploit, Third Party Advisory third-party-advisory
https://r.sec-consult.com/openolat
Scores
CVSS v3
5.4
EPSS
0.0055
EPSS Percentile
41.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
CWE-79
Status
published
Products (1)
frentix/openolat
< 18.1.6
Published
Feb 20, 2024
Tracked Since
Feb 18, 2026