Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-28147

Summary
Assigner-SEC-VLab
Assigner Org ID-551230f0-3615-47bd-b7cc-93e92e730bbf
Published At-20 Jun, 2024 | 10:46
Updated At-13 Feb, 2025 | 17:47
Rejected At-
Credits

Unrestricted Upload of Files in edu-sharing

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site Scripting). It is also possible to upload SVG files that include nested XML entities. Those are parsed when a user visits the direct URL of the collection preview image, which may be utilized for a Denial of Service attack. This issue affects edu-sharing: <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:SEC-VLab
Assigner Org ID:551230f0-3615-47bd-b7cc-93e92e730bbf
Published At:20 Jun, 2024 | 10:46
Updated At:13 Feb, 2025 | 17:47
Rejected At:
▼CVE Numbering Authority (CNA)
Unrestricted Upload of Files in edu-sharing

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site Scripting). It is also possible to upload SVG files that include nested XML entities. Those are parsed when a user visits the direct URL of the collection preview image, which may be utilized for a Denial of Service attack. This issue affects edu-sharing: <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19.

Affected Products
Vendor
metaVentis GmbH
Product
edu-sharing
Default Status
affected
Versions
Affected
  • <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-592CAPEC-592 Stored XSS
CAPEC ID: CAPEC-592
Description: CAPEC-592 Stored XSS
Solutions

The repository base version in use can be identified in the Admin-Tools. The vendor provides a patch for the affected versions: * Version 8.0: Update repository version to "8.0.8-RC2" or later * Version 8.1: Update repository version to "8.1.4-RC0" or later * Version 9.0: Update repository version to "9.0.0-RC19" or later

Configurations
Workarounds
Exploits
Credits
finder
Kai Zimmermann, SEC Consult Vulnerability Lab
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://r.sec-consult.com/metaventis
third-party-advisory
http://seclists.org/fulldisclosure/2024/Jun/11
N/A
Hyperlink: https://r.sec-consult.com/metaventis
Resource:
third-party-advisory
Hyperlink: http://seclists.org/fulldisclosure/2024/Jun/11
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
metaventis
Product
edu-sharing
CPEs
  • cpe:2.3:a:metaventis:edu-sharing:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 8.0.8-rc2 (custom)
  • From 0 before 8.1.4-rc0 (custom)
  • From 0 before 9.0.0-rc19 (custom)
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://packetstormsecurity.com/files/179199
third-party-advisory
exploit
technical-description
https://r.sec-consult.com/metaventis
third-party-advisory
x_transferred
http://seclists.org/fulldisclosure/2024/Jun/11
x_transferred
Hyperlink: https://packetstormsecurity.com/files/179199
Resource:
third-party-advisory
exploit
technical-description
Hyperlink: https://r.sec-consult.com/metaventis
Resource:
third-party-advisory
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2024/Jun/11
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:551230f0-3615-47bd-b7cc-93e92e730bbf
Published At:20 Jun, 2024 | 11:15
Updated At:01 Aug, 2024 | 13:49

An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site Scripting). It is also possible to upload SVG files that include nested XML entities. Those are parsed when a user visits the direct URL of the collection preview image, which may be utilized for a Denial of Service attack. This issue affects edu-sharing: <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.4HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-434Secondary551230f0-3615-47bd-b7cc-93e92e730bbf
CWE ID: CWE-434
Type: Secondary
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2024/Jun/11551230f0-3615-47bd-b7cc-93e92e730bbf
N/A
https://r.sec-consult.com/metaventis551230f0-3615-47bd-b7cc-93e92e730bbf
N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Jun/11
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Resource: N/A
Hyperlink: https://r.sec-consult.com/metaventis
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found