CVE-2024-33525

Name of the Vulnerable Software and Affected Versions ILIAS versions 7.20 through 7.29 ILIAS versions 8.4 through 8.10 ILIAS version 9.0

Description A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.

Recommendations For ILIAS versions 7.20 through 7.29, update to a version outside of this range to mitigate the risk. For ILIAS versions 8.4 through 8.10, update to a version outside of this range to mitigate the risk. For ILIAS version 9.0, update to a newer version to mitigate the risk.