Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by metaVentis GmbH

    CVE-2024-28147 (GCVE-0-2024-28147)

    Vulnerability from nvd – Published: 2024-06-20 10:46 – Updated: 2025-02-13 17:47
    VLAI
    Title
    Unrestricted Upload of Files in edu-sharing
    Summary
    An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site Scripting). It is also possible to upload SVG files that include nested XML entities. Those are parsed when a user visits the direct URL of the collection preview image, which may be utilized for a Denial of Service attack. This issue affects edu-sharing: <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    metaVentis GmbH edu-sharing Affected: <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19 (custom)
    Create a notification for this product.
    metaventis edu-sharing Affected: 0 , < 8.0.8-rc2 (custom)
    Affected: 0 , < 8.1.4-rc0 (custom)
    Affected: 0 , < 9.0.0-rc19 (custom)
        cpe:2.3:a:metaventis:edu-sharing:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Kai Zimmermann, SEC Consult Vulnerability Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:metaventis:edu-sharing:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edu-sharing",
                "vendor": "metaventis",
                "versions": [
                  {
                    "lessThan": "8.0.8-rc2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.4-rc0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "9.0.0-rc19",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28147",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T20:36:12.469883Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T20:38:56.117Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:49.046Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "exploit",
                  "technical-description"
                ],
                "url": "https://packetstormsecurity.com/files/179199"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://r.sec-consult.com/metaventis"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jun/11"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "edu-sharing",
              "vendor": "metaVentis GmbH",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c8.0.8-RC2, \u003c8.1.4-RC0, \u003c9.0.0-RC19",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kai Zimmermann, SEC Consult Vulnerability Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn authenticated user can upload arbitrary files in the upload \nfunction for collection preview images. An attacker may upload an HTML \nfile that includes malicious JavaScript code which will be executed if a\n user visits the direct URL of the collection preview image (Stored \nCross Site Scripting). It is also possible to upload SVG files that \ninclude nested XML entities. Those are parsed when a user visits the \ndirect URL of the collection preview image, which may be utilized for a \nDenial of Service attack.\u003c/p\u003e\u003cp\u003eThis issue affects edu-sharing: \u0026lt;8.0.8-RC2, \u0026lt;8.1.4-RC0, \u0026lt;9.0.0-RC19.\u003c/p\u003e"
                }
              ],
              "value": "An authenticated user can upload arbitrary files in the upload \nfunction for collection preview images. An attacker may upload an HTML \nfile that includes malicious JavaScript code which will be executed if a\n user visits the direct URL of the collection preview image (Stored \nCross Site Scripting). It is also possible to upload SVG files that \ninclude nested XML entities. Those are parsed when a user visits the \ndirect URL of the collection preview image, which may be utilized for a \nDenial of Service attack.\n\nThis issue affects edu-sharing: \u003c8.0.8-RC2, \u003c8.1.4-RC0, \u003c9.0.0-RC19."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-24T04:06:02.487Z",
            "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
            "shortName": "SEC-VLab"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://r.sec-consult.com/metaventis"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jun/11"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe repository base version in use can be identified in the Admin-Tools. The vendor provides a patch for the affected versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eVersion 8.0: Update repository version to \"8.0.8-RC2\" or later\u003c/li\u003e\u003cli\u003eVersion 8.1: Update repository version to \"8.1.4-RC0\" or later\u003c/li\u003e\u003cli\u003eVersion 9.0: Update repository version to \"9.0.0-RC19\" or later\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
                }
              ],
              "value": "The repository base version in use can be identified in the Admin-Tools. The vendor provides a patch for the affected versions:\n\n  *  Version 8.0: Update repository version to \"8.0.8-RC2\" or later\n  *  Version 8.1: Update repository version to \"8.1.4-RC0\" or later\n  *  Version 9.0: Update repository version to \"9.0.0-RC19\" or later"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unrestricted Upload of Files in edu-sharing",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "assignerShortName": "SEC-VLab",
        "cveId": "CVE-2024-28147",
        "datePublished": "2024-06-20T10:46:41.223Z",
        "dateReserved": "2024-03-05T09:15:40.202Z",
        "dateUpdated": "2025-02-13T17:47:16.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-28147 (GCVE-0-2024-28147)

    Vulnerability from cvelistv5 – Published: 2024-06-20 10:46 – Updated: 2025-02-13 17:47
    VLAI
    Title
    Unrestricted Upload of Files in edu-sharing
    Summary
    An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site Scripting). It is also possible to upload SVG files that include nested XML entities. Those are parsed when a user visits the direct URL of the collection preview image, which may be utilized for a Denial of Service attack. This issue affects edu-sharing: <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    metaVentis GmbH edu-sharing Affected: <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19 (custom)
    Create a notification for this product.
    metaventis edu-sharing Affected: 0 , < 8.0.8-rc2 (custom)
    Affected: 0 , < 8.1.4-rc0 (custom)
    Affected: 0 , < 9.0.0-rc19 (custom)
        cpe:2.3:a:metaventis:edu-sharing:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Kai Zimmermann, SEC Consult Vulnerability Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:metaventis:edu-sharing:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "edu-sharing",
                "vendor": "metaventis",
                "versions": [
                  {
                    "lessThan": "8.0.8-rc2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.4-rc0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "9.0.0-rc19",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-28147",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T20:36:12.469883Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T20:38:56.117Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T00:48:49.046Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory",
                  "exploit",
                  "technical-description"
                ],
                "url": "https://packetstormsecurity.com/files/179199"
              },
              {
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://r.sec-consult.com/metaventis"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Jun/11"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "edu-sharing",
              "vendor": "metaVentis GmbH",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c8.0.8-RC2, \u003c8.1.4-RC0, \u003c9.0.0-RC19",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kai Zimmermann, SEC Consult Vulnerability Lab"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn authenticated user can upload arbitrary files in the upload \nfunction for collection preview images. An attacker may upload an HTML \nfile that includes malicious JavaScript code which will be executed if a\n user visits the direct URL of the collection preview image (Stored \nCross Site Scripting). It is also possible to upload SVG files that \ninclude nested XML entities. Those are parsed when a user visits the \ndirect URL of the collection preview image, which may be utilized for a \nDenial of Service attack.\u003c/p\u003e\u003cp\u003eThis issue affects edu-sharing: \u0026lt;8.0.8-RC2, \u0026lt;8.1.4-RC0, \u0026lt;9.0.0-RC19.\u003c/p\u003e"
                }
              ],
              "value": "An authenticated user can upload arbitrary files in the upload \nfunction for collection preview images. An attacker may upload an HTML \nfile that includes malicious JavaScript code which will be executed if a\n user visits the direct URL of the collection preview image (Stored \nCross Site Scripting). It is also possible to upload SVG files that \ninclude nested XML entities. Those are parsed when a user visits the \ndirect URL of the collection preview image, which may be utilized for a \nDenial of Service attack.\n\nThis issue affects edu-sharing: \u003c8.0.8-RC2, \u003c8.1.4-RC0, \u003c9.0.0-RC19."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-24T04:06:02.487Z",
            "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
            "shortName": "SEC-VLab"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://r.sec-consult.com/metaventis"
            },
            {
              "url": "http://seclists.org/fulldisclosure/2024/Jun/11"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe repository base version in use can be identified in the Admin-Tools. The vendor provides a patch for the affected versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003eVersion 8.0: Update repository version to \"8.0.8-RC2\" or later\u003c/li\u003e\u003cli\u003eVersion 8.1: Update repository version to \"8.1.4-RC0\" or later\u003c/li\u003e\u003cli\u003eVersion 9.0: Update repository version to \"9.0.0-RC19\" or later\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
                }
              ],
              "value": "The repository base version in use can be identified in the Admin-Tools. The vendor provides a patch for the affected versions:\n\n  *  Version 8.0: Update repository version to \"8.0.8-RC2\" or later\n  *  Version 8.1: Update repository version to \"8.1.4-RC0\" or later\n  *  Version 9.0: Update repository version to \"9.0.0-RC19\" or later"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unrestricted Upload of Files in edu-sharing",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "assignerShortName": "SEC-VLab",
        "cveId": "CVE-2024-28147",
        "datePublished": "2024-06-20T10:46:41.223Z",
        "dateReserved": "2024-03-05T09:15:40.202Z",
        "dateUpdated": "2025-02-13T17:47:16.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }