exploitDog

GHSA-vq53-2g5p-3wf9

Опубликовано: 21 мая 2024

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.30 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.30 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.

Ссылки

EPSS

Процентиль: 20%

0.00063

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-33525

CVSS3: 4.3

nvd

больше 1 года назад

A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.

EPSS

Процентиль: 20%

0.00063

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-79