Mike Klostermaier

**Name of the Vulnerable Software and Affected Versions** Frentix GmbH OpenOlat LMS (affected versions not specified) **Description** The issue concerns multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Additionally, attackers with permissions to create or rename a catalog (sub-category) or create curriculums can enter unfiltered input in the name field, allowing them to execute stored JavaScript code with the permissions of the victim in the context of the user's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenOlat versions 18.1.5 and lower **Description** The issue is a stored Cross-Site Scripting (XSS) vulnerability. It allows authenticated users to upload files within the Media Center without additional rights. Although file types are limited, an SVG image containing an XSS payload can be uploaded and shared with groups, including admins, who can then be attacked with the JavaScript payload. **Recommendations** For OpenOlat versions 18.1.5 and lower, consider disabling the file upload feature in the Media Center until a patch is available. Restrict access to the Media Center to minimize the risk of exploitation. Avoid sharing files, especially SVG images, with groups of users until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.