Lucene search
K

4 matches found

Packet Storm
Packet Storm
added 2024/06/24 12:0 a.m.387 views

Edu-Sharing Arbitrary File Upload

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Arbitrary File Upload product: edu-sharing metaVentis GmbH vulnerable versions: =8.0.8-RC2, =8.1.4-RC0, =9.0.0-RC19 CVE number: CVE-2024-28147 impact: high homepage:...

7.1AI score0.00831EPSS
Exploits1
Cvelist
Cvelist
added 2024/06/20 10:46 a.m.37 views

CVE-2024-28147 Unrestricted Upload of Files in edu-sharing

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image Stored Cross Site Scripting. It...

0.00831EPSS
Exploits1References2
CVE
CVE
added 2024/06/20 10:46 a.m.62 views

CVE-2024-28147

Edu-sharing (pre-9.0.0-RC19) is affected by CVE-2024-28147: an authenticated user can upload arbitrary files via the collection preview image upload, enabling Stored XSS through HTML/JavaScript execution when users access the direct image URL and potential DoS via SVG with nested XML entities. Af...

7.4CVSS7.4AI score0.00831EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/06/20 10:46 a.m.15 views

CVE-2024-28147 Unrestricted Upload of Files in edu-sharing

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image Stored Cross Site Scripting. It...

6.8AI score0.00831EPSS
Exploits1References2
Rows per page
Query Builder