Vulnerability Description
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ilias | Ilias | >= 7.0, < 7.30 |
Related Weaknesses (CWE)
References
- https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=Patch
- https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-inExploitThird Party Advisory
- https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=Patch
- https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-inExploitThird Party Advisory
FAQ
What is CVE-2024-33527?
CVE-2024-33527 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with admi...
How severe is CVE-2024-33527?
CVE-2024-33527 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-33527?
Check the references section above for vendor advisories and patch information. Affected products include: Ilias Ilias.