GSD-2024-25974

Vulnerability from gsd - Updated: 2024-02-14 06:02
Details
The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.
Aliases
To clipboard 

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-25974"
      ],
      "details": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.\u00a0It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.\u00a0After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.",
      "id": "GSD-2024-25974",
      "modified": "2024-02-14T06:02:26.420044Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-research@sec-consult.com",
        "ID": "CVE-2024-25974",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "OpenOlat LMS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "18.1.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Frentix GmbH"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Mike Klostermaier (SEC Consult Vulnerability Lab)"
        },
        {
          "lang": "en",
          "value": "Johannes V\u00f6lpel (SEC Consult Vulnerability Lab)"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.\u00a0It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.\u00a0After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "CWE-20 Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://r.sec-consult.com/openolat",
            "refsource": "MISC",
            "url": "https://r.sec-consult.com/openolat"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2024/Feb/23",
            "refsource": "MISC",
            "url": "http://seclists.org/fulldisclosure/2024/Feb/23"
          }
        ]
      },
      "solution": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vendor provides a patched version 18.1.6 or higher for the mentioned vulnerabilities.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "The vendor provides a patched version 18.1.6 or higher for the mentioned vulnerabilities.\n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.\u00a0It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.\u00a0After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload."
          },
          {
            "lang": "es",
            "value": "El LMS OpenOlat de Frentix GmbH se ve afectado por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado. Es posible cargar archivos dentro del Media Center de OpenOlat versi\u00f3n 18.1.5 (o inferior) como usuario autenticado sin ning\u00fan otro derecho. Aunque los tipos de archivos son limitados, se puede cargar una imagen SVG que contenga un payload XSS. Despu\u00e9s de una carga exitosa, el archivo se puede compartir con grupos de usuarios (incluidos administradores) que pueden ser atacados con el payload de JavaScript."
          }
        ],
        "id": "CVE-2024-25974",
        "lastModified": "2024-02-21T07:15:58.427",
        "metrics": {},
        "published": "2024-02-20T08:15:07.823",
        "references": [
          {
            "source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
            "url": "http://seclists.org/fulldisclosure/2024/Feb/23"
          },
          {
            "source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
            "url": "https://r.sec-consult.com/openolat"
          }
        ],
        "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-20"
              }
            ],
            "source": "551230f0-3615-47bd-b7cc-93e92e730bbf",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.