Lucene search

CVE-2018-11117

🗓️ 17 May 2018 13:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 28 Views🌐 WEB

ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2018-11117	17 May 201813:00	–	cvelist
Prion	Design/Logic Flaw	17 May 201813:29	–	prion
NVD	CVE-2018-11117	17 May 201813:29	–	nvd
OSV	CVE-2018-11117	17 May 201813:29	–	osv
OpenVAS	ILIAS < 5.1.27, 5.2.16, 5.3.5 Multiple Vulnerabilities	18 May 201800:00	–	openvas

Nvd

Node

ilias iliasRange5.1.0–5.1.26

ilias iliasRange5.2.0–5.2.15

ilias iliasRange5.3.0–5.3.4

Node

ilias iliasMatch5.1.0beta1

ilias iliasMatch5.2.0beta1

ilias iliasMatch5.2.0beta2

ilias iliasMatch5.2.0beta3

Source	Link
github	www.github.com/ILIAS-eLearning/ILIAS/commit/ff9bf29858f2dbffe828711a6f8bf37038c00d77
ilias	www.ilias.de/docu/goto.php

Parameter	Position	Path	Description	CWE
link	path	/Services/Feeds/classes/class.ilExternalFeedItem.php	The class.ilExternalFeedItem.php file in ILIAS is vulnerable to Cross-Site Scripting (XSS) due to inadequate validation of the link attribute.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 May 2018 13:29Current

5.9Medium risk

Vulners AI Score5.9

CVSS24.3

CVSS36.1

EPSS0.00266

CWE-79