CVE-2024-25973

Name of the Vulnerable Software and Affected Versions Frentix GmbH OpenOlat LMS (affected versions not specified)

Description The issue concerns multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Additionally, attackers with permissions to create or rename a catalog (sub-category) or create curriculums can enter unfiltered input in the name field, allowing them to execute stored JavaScript code with the permissions of the victim in the context of the user's browser.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.