Input validation error in OpenOlat - #VU128163

 


Published: March 11, 2024 / Updated: April 27, 2026


Vulnerability identifier: #VU128163
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: OpenOlat
Software vendor: OpenOlat

Description

The vulnerability allows a remote user to inject malicious HTML content into emails.

The vulnerability exists due to improper input validation in email templates when sending email messages containing user-supplied values. A remote user can enter specially crafted content to inject malicious HTML content into emails.

User interaction is required to view the crafted email content.
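
The defect class described above, shown as an added example in Python (not OpenOlat code; the template text, field names and function names are constructed for illustration): user-supplied values placed unchanged into an HTML email body, beside the same rendering with every value HTML-escaped first.

```python
import html
from email.message import EmailMessage
from string import Template

# Constructed template; OpenOlat's real email templates are not shown on this page.
BODY_TEMPLATE = Template(
    "<p>Hello $recipient,</p>"
    "<p>$sender posted in <i>$course</i>:</p>"
    "<blockquote>$comment</blockquote>"
)


def render_unsafe(fields):
    """Weak form: user-supplied values reach the HTML body unchanged."""
    return BODY_TEMPLATE.substitute(fields)


def render_escaped(fields):
    """Hardened form: every value is HTML-escaped before substitution."""
    safe = {k: html.escape(str(v), quote=True) for k, v in fields.items()}
    return BODY_TEMPLATE.substitute(safe)


def build_message(fields, to_addr):
    """Build a multipart mail whose HTML part contains only escaped values."""
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["Subject"] = "New comment"
    # The plain-text alternative carries the raw text; no markup is interpreted there.
    msg.set_content(f"{fields['sender']} wrote: {fields['comment']}")
    msg.add_alternative(render_escaped(fields), subtype="html")
    return msg


# Constructed sample input: a user-editable field that carries markup.
SAMPLE = {
    "recipient": "Alice",
    "sender": "Bob",
    "course": "Intro 101",
    "comment": '<a href="https://example.invalid/">link</a>',
}

if __name__ == "__main__":
    print(render_unsafe(SAMPLE))   # markup from the comment field is live HTML
    print(render_escaped(SAMPLE))  # the same markup is rendered as inert text
```

Escaping belongs at the point where the value enters the HTML part, so that any field added to the template later is covered without a per-field decision.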


Remediation

Install the security update from the vendor's website.

External links