Vulnerability CVE-2024-33528
Published: 2024-05-21

Description:
A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload.

 References:
https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=170029
Copyright 2026, cxsecurity.com

 

Back to Top