Openolat Security Vulnerabilities and Issues — Openolat CVE List

Lucene search

FrentixOpenolat

7 matches found

CVE•added 2024/02/20 8:15 a.m.•8618 views

CVE-2024-25973

The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog (sub-cate...

5.4CVSS5.1AI score0.0026EPSS

CVE•added 2024/02/20 8:15 a.m.•3942 views

CVE-2024-25974

The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing...

5.4CVSS5AI score0.00167EPSS

CVE•added 2024/03/11 8:15 p.m.•86 views

CVE-2024-28198

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version 18....

7.5CVSS4.7AI score0.00078EPSS

CVE•added 2021/08/31 6:15 p.m.•39 views

CVE-2021-39180

OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user (e.g. the tomcat user). Dependi...

9CVSS8.7AI score0.01222EPSS

CVE•added 2021/09/01 8:15 p.m.•35 views

CVE-2021-39181

OpenOlat is a web-based learning management system (LMS). Prior to version 15.3.18, 15.5.3, and 16.0.0, using a prepared import XML file (e.g. a course) any class on the Java classpath can be instantiated, including spring AOP bean factories. This can be used to execute code arbitrary code by the a...

8.8CVSS8.8AI score0.00546EPSS

CVE•added 2021/12/10 11:15 p.m.•32 views

CVE-2021-41242

OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files anywher...

8.1CVSS8AI score0.00788EPSS

CVE•added 2021/10/18 9:15 p.m.•28 views

CVE-2021-41152

OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on ...

7.7CVSS7.4AI score0.0054EPSS