Main Vulnerability Database SB2024031150

SB2024031150 - Input validation error in OpenOlat

Published: March 11, 2024 Updated: April 27, 2026

Security Bulletin ID SB2024031150

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Input validation error (CVE-ID: N/A)

The vulnerability allows a remote user to inject malicious HTML content into emails.

The vulnerability exists due to improper input validation in email templates when sending email messages containing user-supplied values. A remote user can enter specially crafted content to inject malicious HTML content into emails.

User interaction is required to view the crafted email content.

Remediation

Install update from vendor's website.

References

https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-g78w-95q9-v739
https://github.com/advisories/GHSA-g78w-95q9-v739