PT-2024-4409 · Unknown · Edu-Sharing

Kai Zimmermann

·

Published

2024-04-10

·

Updated

2024-08-01

·

CVE-2024-28147

CVSS v3.1

7.4

High

Vector AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: edu-sharing 8.0.x before 8.0.8-RC2, 8.1.x before 8.1.4-RC0, and 9.0.x before 9.0.0-RC19. These are three separately maintained release lines, each with its own fixed build; they do not collapse into a single "before 9.0.0-RC19" range, because 8.0.8-RC2 and 8.1.4-RC0 are patched builds whose version numbers are still lower than 9.0.0-RC19.
Description: An authenticated user can upload arbitrary files through the upload function for collection preview images. An attacker can therefore store an HTML file containing JavaScript, which runs in the browser of any user who opens the direct URL of the collection preview image (stored cross-site scripting). The same function also accepts SVG files; because SVG is XML, a file that declares nested XML entities (the "billion laughs" pattern) can exhaust parser resources and cause a denial of service when a user opens the direct URL of the preview image.
Recommendations: Update to the fixed build for your release line: 8.0.8-RC2 or later for 8.0.x, 8.1.4-RC0 or later for 8.1.x, and 9.0.0-RC19 or later for 9.0.x. Until the update is applied: restrict who can reach the upload function for collection preview images; restrict uploads to the image types actually needed, deciding on the file content (magic bytes) rather than on the extension or the client-supplied Content-Type, and either reject SVG or parse it with DTD and entity expansion disabled; serve stored uploads with a fixed Content-Type, X-Content-Type-Options: nosniff and Content-Disposition: attachment (or from a separate origin), so that a stored file is never rendered as HTML in the application's origin; and avoid opening the direct URL of collection preview images until the issue is resolved.
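The content-based check and the response headers that the recommendations above call for, as an added example written for this page; it is not edu-sharing's own code, and the function names, the 5 MB limit and the sample uploads are assumptions constructed for the example. The validator never looks at the filename or the client's Content-Type, which is why an HTML file named preview.png is refused, and it refuses any SVG that declares entities or carries script or event-handler attributes.

```python
"""Illustrative validator and response headers for a preview-image upload
endpoint. Example code written for this page, not edu-sharing's own
implementation; names, limits and sample uploads below are assumptions."""
import re
from typing import Optional, Tuple

# Allowlist of raster formats by leading bytes. The decision never depends on
# the client-supplied filename or Content-Type, both of which an attacker controls.
RASTER_MAGIC = (
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"RIFF", "image/webp"),  # RIFF....WEBP; the form tag is checked in sniff()
)

# SVG is XML: it can carry script, event handlers and entity declarations.
ENTITY_DECL = re.compile(rb"<!ENTITY\b", re.IGNORECASE)
ACTIVE_CONTENT = re.compile(rb"<script\b|\son[a-z]+\s*=|javascript:", re.IGNORECASE)

MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit; bounds parser work up front


def sniff(data: bytes) -> Optional[str]:
    """MIME type implied by the content itself, or None if it is not an image."""
    for magic, mime in RASTER_MAGIC:
        if data.startswith(magic):
            if mime == "image/webp" and data[8:12] != b"WEBP":
                return None  # some other RIFF container (e.g. WAV), not an image
            return mime
    head = data.lstrip()[:256].lower()
    if head.startswith(b"<?xml") or head.startswith(b"<svg"):
        return "image/svg+xml"
    return None


def validate_preview_image(data: bytes, allow_svg: bool = False) -> Tuple[bool, Optional[str], str]:
    """Return (accepted, sniffed_mime, reason) for an uploaded preview image."""
    if len(data) > MAX_UPLOAD_BYTES:
        return False, None, "file too large"
    mime = sniff(data)
    if mime is None:
        # Covers HTML uploaded under an image extension: nothing image-like at offset 0.
        return False, None, "content is not a recognised image format"
    if mime == "image/svg+xml":
        if not allow_svg:
            return False, mime, "SVG uploads disabled"
        if ENTITY_DECL.search(data):
            # Internal entity declarations enable exponential expansion ("billion laughs").
            return False, mime, "SVG declares XML entities"
        if ACTIVE_CONTENT.search(data):
            return False, mime, "SVG contains script or event handlers"
        if b"<svg" not in data.lower():
            return False, mime, "XML document is not an SVG"
    return True, mime, "ok"


def download_headers(mime: str, filename: str) -> dict:
    """Headers for serving a stored upload at its direct URL. A fixed
    Content-Type plus nosniff stops the browser from treating the file as
    text/html; attachment disposition and a deny-all CSP limit what a file
    stored before the validator was in place could still do."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": mime,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "Content-Security-Policy": "default-src 'none'",
    }


# Constructed sample uploads (not taken from the advisory).
HTML_AS_PNG = b"<html><body><script>alert(document.domain)</script></body></html>"
BILLION_LAUGHS_SVG = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE svg [<!ENTITY a "aaaaaaaaaa"><!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">]>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg"><text>&b;</text></svg>'
)
ONLOAD_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"/>'
PLAIN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR"  # truncated; enough to sniff


if __name__ == "__main__":
    samples = [("html named .png", HTML_AS_PNG), ("billion laughs svg", BILLION_LAUGHS_SVG),
               ("onload svg", ONLOAD_SVG), ("plain svg", PLAIN_SVG), ("png", PNG_HEADER)]
    for label, blob in samples:
        print(label, validate_preview_image(blob, allow_svg=True))
```

The regex checks on SVG are a stop-gap for the workaround period; a permanent fix that keeps SVG would rasterize it server-side or run it through a real XML parser with DTD processing disabled, rather than pattern-matching on bytes.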

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

BDU:2024-04908
CVE-2024-28147

Affected Products

Edu-Sharing