CVE-2024-25973

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-25973
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25973.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-25973
Published
2024-02-20T08:15:07.717Z
Modified
2026-04-10T05:10:49.321216Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog (sub-category) can enter unfiltered input in the name field. In addition, attackers who are allowed to create curriculums can also enter unfiltered input in the name field. This allows an attacker to execute stored JavaScript code with the permissions of the victim in the context of the user's browser.

References

Affected packages

Git / github.com/openolat/openolat

Affected ranges

Type
GIT
Repo
https://github.com/openolat/openolat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
837f89dea235ba6f937d75e74a4db11f557531ff
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "18.1.6"
        }
    ]
}

Affected versions

OLAT-7.*
OLAT-7.1.0
OpenOLAT_10.*
OpenOLAT_10.0.0
OpenOLAT_10.0.1
OpenOLAT_10.0.2
OpenOLAT_10.0.3
OpenOLAT_10.0.4
OpenOLAT_10.0.5
OpenOLAT_11.*
OpenOLAT_11.3.0
OpenOLAT_12.*
OpenOLAT_12.2.0
OpenOLAT_12.3.0
OpenOLAT_13.*
OpenOLAT_13.0.0
OpenOLAT_13.0.0beta1
OpenOLAT_13.0.0beta3
OpenOLAT_13.0.0beta4
OpenOLAT_13.0.0beta5
OpenOLAT_13.0.0beta6
OpenOLAT_13.0.0beta7
OpenOLAT_13.0.0beta8
OpenOLAT_13.0.0beta9
OpenOLAT_13.2.0
OpenOLAT_14.*
OpenOLAT_14.0.0
OpenOLAT_15.*
OpenOLAT_15.0.0
OpenOLAT_15.1.0
OpenOLAT_15.2.0
OpenOLAT_15.3.0
OpenOLAT_15.4.0
OpenOLAT_15.5.0
OpenOLAT_15.pre.0.a
OpenOLAT_15.pre.1
OpenOLAT_15.pre.2
OpenOLAT_15.pre.3
OpenOLAT_15.pre.4
OpenOLAT_15.pre.6
OpenOLAT_15.pre.7
OpenOLAT_15.pre.9
OpenOLAT_16.*
OpenOLAT_16.0.0
OpenOLAT_16.1.0
OpenOLAT_16.2.0
OpenOLAT_17.*
OpenOLAT_17.0.0
OpenOLAT_17.1.0
OpenOLAT_17.2.0
OpenOLAT_18.*
OpenOLAT_18.0.0
OpenOLAT_18.1.0
OpenOLAT_18.1.2
OpenOLAT_18.1.3
OpenOLAT_18.1.4
OpenOLAT_18.1.5
OpenOLAT_8.*
OpenOLAT_8.1
OpenOLAT_8.1.1
OpenOLAT_8.1.2
OpenOLAT_9.*
OpenOLAT_9.0.0
OpenOLAT_9.1.0
OpenOLAT_9.2.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25973.json"