A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.
{
"unresolved_ranges": [
{
"source": "DESCRIPTION",
"extracted_events": [
{
"introduced": "7"
},
{
"fixed": "7.30"
},
{
"introduced": "8"
},
{
"fixed": "8.11"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/33xxx/CVE-2024-33526.json",
"cna_assigner": "mitre"
}