Lucene search

[email protected]CVE-2018-10428

HistoryMay 23, 2018 - 8:29 p.m.

CVE-2018-10428

2018-05-2320:29:00

CWE-79

[email protected]

web.nvd.nist.gov

ilias

cve-2018-10428

security

xss

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.9%

JSON

ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.

Affected configurations

NVD

Node

iliasiliasRange<5.1.26

iliasiliasRange5.2.0–5.2.15

iliasiliasRange5.3.0–5.3.4

CPENameOperatorVersion
ilias:iliasiliaslt5.1.26
ilias:iliasiliaslt5.2.15
ilias:iliasiliaslt5.3.4

CPE	Name	Operator	Version
ilias:ilias	ilias	lt	5.1.26
ilias:ilias	ilias	lt	5.2.15
ilias:ilias	ilias	lt	5.3.4

References

packetstormsecurity.com/files/147726/ILIAS-5.3.2-5.2.14-5.1.25-Cross-Site-Scripting.html

www.securityfocus.com/archive/1/542025/100/0/threaded

www.ilias.de/docu/ilias.php?ref_id=1719&from_page=116793&obj_id=116793&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI

www.ilias.de/docu/ilias.php?ref_id=1719&from_page=116805&obj_id=116799&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI

www.ilias.de/docu/ilias.php?ref_id=1719&obj_id=116792&from_page=116805&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI

www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-007.txt