{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-25974", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "state": "PUBLISHED", "assignerShortName": "SEC-VLab", "dateReserved": "2024-02-13T09:28:28.809Z", "datePublished": "2024-02-20T08:02:44.251Z", "dateUpdated": "2025-02-13T17:40:56.325Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenOlat LMS", "vendor": "Frentix GmbH", "versions": [{"lessThanOrEqual": "18.1.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mike Klostermaier (SEC Consult Vulnerability Lab)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Johannes V\u00f6lpel (SEC Consult Vulnerability Lab)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.&nbsp;It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.&nbsp;After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload."}], "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.\u00a0It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.\u00a0After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2024-02-21T07:06:03.414Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://r.sec-consult.com/openolat"}, {"url": "http://seclists.org/fulldisclosure/2024/Feb/23"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The vendor provides a patched version 18.1.6 or higher for the mentioned vulnerabilities.</span><br><br>"}], "value": "The vendor provides a patched version 18.1.6 or higher for the mentioned vulnerabilities."}], "source": {"discovery": "EXTERNAL"}, "title": "Stored Cross-Site Scripting (XSS) within the Media Center", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "frentix", "product": "openolat", "cpes": ["cpe:2.3:a:frentix:openolat:-:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "18.1.5", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T15:16:09.389869Z", "id": "CVE-2024-25974", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T15:27:51.851Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:52:06.435Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://r.sec-consult.com/openolat"}, {"url": "http://seclists.org/fulldisclosure/2024/Feb/23", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://r.sec-consult.com/openolat", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2024/Feb/23", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:52:06.435Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-25974", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-17T15:16:09.389869Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:frentix:openolat:-:*:*:*:*:*:*:*"], "vendor": "frentix", "product": "openolat", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "18.1.5"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:39.784Z"}}], "cna": {"title": "Stored Cross-Site Scripting (XSS) within the Media Center", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mike Klostermaier (SEC Consult Vulnerability Lab)"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Johannes V\u00f6lpel (SEC Consult Vulnerability Lab)"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"vendor": "Frentix GmbH", "product": "OpenOlat LMS", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "18.1.5"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The vendor provides a patched version 18.1.6 or higher for the mentioned vulnerabilities.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The vendor provides a patched version 18.1.6 or higher for the mentioned vulnerabilities.</span><br><br>", "base64": false}]}], "references": [{"url": "https://r.sec-consult.com/openolat", "tags": ["third-party-advisory"]}, {"url": "http://seclists.org/fulldisclosure/2024/Feb/23"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.\u00a0It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.\u00a0After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.", "supportingMedia": [{"type": "text/html", "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.&nbsp;It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.&nbsp;After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "shortName": "SEC-VLab", "dateUpdated": "2024-02-21T07:06:03.414Z"}}}, "cveMetadata": {"cveId": "CVE-2024-25974", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:40:56.325Z", "dateReserved": "2024-02-13T09:28:28.809Z", "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf", "datePublished": "2024-02-20T08:02:44.251Z", "assignerShortName": "SEC-VLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:frentix:openolat:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7A58DE8-BC68-48E5-B2B6-4B2196FE1FA7", "versionEndExcluding": "18.1.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability.\u00a0It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded.\u00a0After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload."}, {"lang": "es", "value": "El LMS OpenOlat de Frentix GmbH se ve afectado por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado. Es posible cargar archivos dentro del Media Center de OpenOlat versi\u00f3n 18.1.5 (o inferior) como usuario autenticado sin ning\u00fan otro derecho. Aunque los tipos de archivos son limitados, se puede cargar una imagen SVG que contenga un payload XSS. Despu\u00e9s de una carga exitosa, el archivo se puede compartir con grupos de usuarios (incluidos administradores) que pueden ser atacados con el payload de JavaScript."}], "id": "CVE-2024-25974", "lastModified": "2025-04-02T20:10:53.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-20T08:15:07.823", "references": [{"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Feb/23"}, {"source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "tags": ["Exploit", "Third Party Advisory"], "url": "https://r.sec-consult.com/openolat"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2024/Feb/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://r.sec-consult.com/openolat"}], "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "551230f0-3615-47bd-b7cc-93e92e730bbf", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}