CVE-2024-33528
CVE-2024-33528 is a Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7.x before 7.30 and 8.x before 8.11. Remote authenticated attackers with tutor privileges can inject arbitrary web script or HTML via XML file uploads. Root cause relates to how XML uploads are processed (stored XSS). Im...