CVE-2024-33527 Information

Description

A Stored Cross-site Scripting (XSS) vulnerability in the \Import of Users and login name of user\ feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.

Reference

https://docu.ilias.de/ilias.php?baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=170029