github - ghsa-vq53-2g5p-3wf9

ghsa-vq53-2g5p-3wf9

Vulnerability from github

Published

2024-05-21 21:30

Modified

2024-07-03 18:43

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Details

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.30 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-33525"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T19:15:10Z",
    "severity": "MODERATE"
  },
  "details": "A Stored Cross-site Scripting (XSS) vulnerability in the \"Import of organizational units and title of organizational unit\" feature in ILIAS 7.20 to 7.30 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.",
  "id": "GHSA-vq53-2g5p-3wf9",
  "modified": "2024-07-03T18:43:01Z",
  "published": "2024-05-21T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33525"
    },
    {
      "type": "WEB",
      "url": "https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui\u0026cmd=layout\u0026ref_id=1719\u0026obj_id=159938"
    },
    {
      "type": "WEB",
      "url": "https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui\u0026cmd=layout\u0026ref_id=1719\u0026obj_id=170029"
    },
    {
      "type": "WEB",
      "url": "https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui\u0026cmd=layout\u0026ref_id=1719\u0026obj_id=170040"
    },
    {
      "type": "WEB",
      "url": "https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

cve-2024-33525

Vulnerability from cvelistv5

Published

2024-05-21 18:50

Modified

2025-02-13 15:52

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Summary

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.

References

▼	URL	Tags
	https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=170029
	https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=170040
	https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=159938
	https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1/

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website