3 matches found
OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation Vulnerabilities
OpenOLAT versions 18.1.4 and below and versions 18.1.5 and below suffer from multiple persistent cross site scripting vulnerabilities. ======================================================================= title: Multiple Stored Cross-Site Scripting Vulnerabilities product: OpenOLAT Frentix GmbH...
CVE-2024-25973 Multiple Stored Cross-Site Scripting Vulnerabilities
The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting XSS vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog...
CVE-2024-25973
Summary: CVE-2024-25973 affects OpenOLAT LMS by Frentix GmbH. The issue comprises multiple stored XSS vulnerabilities that can be triggered when users with specific permissions (group creation/edit, catalog sub-category creation/renaming, or curriculum creation) enter unfiltered input in name fie...