Stored Cross-site Scripting Vulnerability in ILIAS eLearning Platform
CVE-2024-33528

4.7MEDIUM

Key Information:

Vendor: ILIAS
Status: Ilias
Vendor: CVE Published:; 21 May 2024

What is CVE-2024-33528?

A vulnerability exists in the ILIAS eLearning platform that permits remote authenticated attackers with tutor privileges to conduct Stored Cross-site Scripting attacks. This exploitation occurs when attackers upload XML files that contain arbitrary web scripts or HTML, resulting in potential unauthorized access and data compromise. Versions of ILIAS 7 prior to 7.30 and ILIAS 8 prior to 8.11 are affected, highlighting the critical need for timely updates and security measures to safeguard against such exploitation.

References

https://docu.ilias.de/ilias.php?baseClass=illmpresentatio...

https://insinuator.net/2024/05/security-advisory-achievin...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2024

CVE-2024-33528 Data

JSON