5 matches found

BDU FSTEC
added 2024/07/01 12:0 a.m. | 5 views

The vulnerability of the Collection Preview component of the edu-sharing e-learning platform management system allows a perpetrator to execute arbitrary code or trigger a service failure.

The vulnerability of the Collection Preview component in the edu-sharing e-learning platform management system involves unlimited downloading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code using a specially created HTML file, or to...

CVSS 6.5 | AI score 5.9 | EPSS 0.00831
Exploits: 1 | References: 3 | Affected Software: 1

Packet Storm
added 2024/06/24 12:0 a.m. | 386 views

Edu-Sharing Arbitrary File Upload

SEC Consult Vulnerability Lab Security Advisory
title: Arbitrary File Upload
product: edu-sharing metaVentis GmbH
vulnerable versions: =8.0.8-RC2, =8.1.4-RC0, =9.0.0-RC19
CVE number: CVE-2024-28147
impact: high
homepage:...

AI score 7.1 | EPSS 0.00831
Exploits: 1

NVD
added 2024/06/20 11:15 a.m. | 23 views

CVE-2024-28147

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site Scripting). It...

CVSS 7.4 | EPSS 0.00831
Exploits: 1 | References: 3

CVE
added 2024/06/20 10:46 a.m. | 62 views

CVE-2024-28147

Edu-sharing (pre-9.0.0-RC19) is affected by CVE-2024-28147: an authenticated user can upload arbitrary files via the collection preview image upload, enabling Stored XSS through HTML/JavaScript execution when users access the direct image URL and potential DoS via SVG with nested XML entities. Af...

CVSS 7.4 | AI score 7.4 | EPSS 0.00831
Exploits: 1 | References: 3

Positive Technologies
added 2024/04/10 12:0 a.m. | 5 views

PT-2024-4409 · Unknown · Edu-Sharing

Name of the Vulnerable Software and Affected Versions: edu-sharing versions 8.0.8-RC2, 8.1.4-RC0, 9.0.0-RC19 can be simplified to: edu-sharing versions prior to 8.0.8-RC2, 8.1.4-RC0, and 9.0.0-RC19 However, given the instruction to consolidate ranges into the most concise form and considering the...

CVSS 7.4 | AI score 6.7 | EPSS 0.00831
Exploits: 1 | References: 7