Vulnerability Description
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ilias | Ilias | >= 7.0, < 7.30 |
Related Weaknesses (CWE)
References
- https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=Patch
- https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-inExploitThird Party Advisory
- https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=Patch
- https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-inExploitThird Party Advisory
FAQ
What is CVE-2024-33526?
CVE-2024-33526 is a vulnerability with a CVSS score of 7.1 (HIGH). A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with ...
How severe is CVE-2024-33526?
CVE-2024-33526 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-33526?
Check the references section above for vendor advisories and patch information. Affected products include: Ilias Ilias.