CVE-2024-33525 - CERT CVE
ID CVE-2024-33525
Sažetak A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.
Reference
CVSS
Base: 4.3
Impact: 3.4
Exploitability:0.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW HIGH
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW LOW
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Zadnje važnije ažuriranje 03-07-2024 - 01:58
Objavljeno 21-05-2024 - 19:15