Stored Cross-site Scripting Vulnerability in ILIAS eLearning Platform
CVE-2024-33528
4.7MEDIUM
What is CVE-2024-33528?
A vulnerability exists in the ILIAS eLearning platform that permits remote authenticated attackers with tutor privileges to conduct Stored Cross-site Scripting attacks. This exploitation occurs when attackers upload XML files that contain arbitrary web scripts or HTML, resulting in potential unauthorized access and data compromise. Versions of ILIAS 7 prior to 7.30 and ILIAS 8 prior to 8.11 are affected, highlighting the critical need for timely updates and security measures to safeguard against such exploitation.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
References
CVSS V3.1
Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published