CVE-2024-33528

A Stored Cross-site Scripting XSS vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload...

CVE-2024-33528

A Stored Cross-site Scripting XSS vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload...

CVE-2024-33528

A Stored Cross-site Scripting XSS vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload...

CVE-2024-33528

CVE-2024-33528 is a Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7.x before 7.30 and 8.x before 8.11. Remote authenticated attackers with tutor privileges can inject arbitrary web script or HTML via XML file uploads. Root cause relates to how XML uploads are processed (stored XSS). Im...

PT-2024-25298 · Ilias · Ilias

Name of the Vulnerable Software and Affected Versions: ILIAS versions 7.0.0 through 7.29 ILIAS versions 8.0.0 through 8.10 Description: A Stored Cross-site Scripting XSS issue allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload...