CVE-2024-25974

{"id": "CVE-2024-25974", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2024-02-20T08:15:07.823", "references": [{"url": "http://seclists.org/fulldisclosure/2024/Feb/23", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "https://r.sec-consult.com/openolat", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.\u00a0It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.\u00a0After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload."}, {"lang": "es", "value": "El LMS OpenOlat de Frentix GmbH se ve afectado por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado. Es posible cargar archivos dentro del Media Center de OpenOlat versi\u00f3n 18.1.5 (o inferior) como usuario autenticado sin ning\u00fan otro derecho. Aunque los tipos de archivos son limitados, se puede cargar una imagen SVG que contenga un payload XSS. Despu\u00e9s de una carga exitosa, el archivo se puede compartir con grupos de usuarios (incluidos administradores) que pueden ser atacados con el payload de JavaScript."}], "lastModified": "2024-08-01T13:47:57.737", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf"}