CVE-2024-25974 - Vulnerability Details - OpenCVE

The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Frentix	Openolat

No data.

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2024/Feb/23
https://r.sec-consult.com/openolat

History

Thu, 13 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Frentix Frentix openolat
CPEs		cpe:2.3:a:frentix:openolat:-:::::::*
Vendors & Products		Frentix Frentix openolat
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: SEC-VLab

Published: 2024-02-20T08:02:44.251Z

Updated: 2025-02-13T17:40:56.325Z

Reserved: 2024-02-13T09:28:28.809Z

Link: CVE-2024-25974

Vulnrichment

Updated: 2024-08-01T23:52:06.435Z

NVD

Status : Awaiting Analysis

Published: 2024-02-20T08:15:07.823

Modified: 2024-11-21T09:01:40.907

Link: CVE-2024-25974

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-25974", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2024-02-13T09:28:28.809Z", "datePublished": "2024-02-20T08:02:44.251Z", "dateUpdated": "2025-02-13T17:40:56.325Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenOlat LMS", "vendor": "Frentix GmbH", "versions": [{"lessThanOrEqual": "18.1.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mike Klostermaier (SEC Consult Vulnerability Lab)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Johannes V\u00f6lpel (SEC Consult Vulnerability Lab)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload."}], "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.\u00a0It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.\u00a0After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2024-02-21T07:06:03.414Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://r.sec-consult.com/openolat"}, {"url": "http://seclists.org/fulldisclosure/2024/Feb/23"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The vendor provides a patched version 18.1.6 or higher for the mentioned vulnerabilities.</span><br><br>"}], "value": "The vendor provides a patched version 18.1.6 or higher for the mentioned vulnerabilities."}], "source": {"discovery": "EXTERNAL"}, "title": "Stored Cross-Site Scripting (XSS) within the Media Center", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "frentix", "product": "openolat", "cpes": ["cpe:2.3:a:frentix:openolat:-:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "18.1.5", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T15:16:09.389869Z", "id": "CVE-2024-25974", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T15:27:51.851Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:52:06.435Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://r.sec-consult.com/openolat"}, {"url": "http://seclists.org/fulldisclosure/2024/Feb/23", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://r.sec-consult.com/openolat", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Feb/23", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:52:06.435Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-25974", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-17T15:16:09.389869Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:frentix:openolat:-:*:*:*:*:*:*:*"], "vendor": "frentix", "product": "openolat", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "18.1.5"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:39.784Z"}}], "cna": {"title": "Stored Cross-Site Scripting (XSS) within the Media Center", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mike Klostermaier (SEC Consult Vulnerability Lab)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Johannes V\u00f6lpel (SEC Consult Vulnerability Lab)"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"vendor": "Frentix GmbH", "product": "OpenOlat LMS", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "18.1.5"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The vendor provides a patched version 18.1.6 or higher for the mentioned vulnerabilities.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The vendor provides a patched version 18.1.6 or higher for the mentioned vulnerabilities.</span><br><br>", "base64": false}]}], "references": [{"url": "https://r.sec-consult.com/openolat", "tags": ["third-party-advisory"]}, {"url": "http://seclists.org/fulldisclosure/2024/Feb/23"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.\u00a0It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.\u00a0After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.", "supportingMedia": [{"type": "text/html", "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2024-02-21T07:06:03.414Z"}}}, "cveMetadata": {"cveId": "CVE-2024-25974", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:40:56.325Z", "dateReserved": "2024-02-13T09:28:28.809Z", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "datePublished": "2024-02-20T08:02:44.251Z", "assignerShortName": "SEC-VLab"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.\u00a0It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.\u00a0After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload."}, {"lang": "es", "value": "El LMS OpenOlat de Frentix GmbH se ve afectado por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado. Es posible cargar archivos dentro del Media Center de OpenOlat versi\u00f3n 18.1.5 (o inferior) como usuario autenticado sin ning\u00fan otro derecho. Aunque los tipos de archivos son limitados, se puede cargar una imagen SVG que contenga un payload XSS. Despu\u00e9s de una carga exitosa, el archivo se puede compartir con grupos de usuarios (incluidos administradores) que pueden ser atacados con el payload de JavaScript."}], "id": "CVE-2024-25974", "lastModified": "2024-11-21T09:01:40.907", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-20T08:15:07.823", "references": [{"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "http://seclists.org/fulldisclosure/2024/Feb/23"}, {"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "url": "https://r.sec-consult.com/openolat"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2024/Feb/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://r.sec-consult.com/openolat"}], "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}]}