# Affected software: //demo.olat.org/
# Discovered by: Provensec
# Website: http://www.provensec.com
# Type of vulnerability: Stored XSS
# Author: Ankit Bharathan ,Provensec labs
# Description: Goto personal folder open any folder and create a new
document xss.tct
and then edit it fill field with "><img src=d
onerror=confirm(/provensec/);>

Then open folder and in new tab
example:

http://demo.olat.org/olat/auth/1%3A2%3A1001302707%3A6%3A0%3Aserv%3Ax/public/dddd.tct.html