Lucene search

ilias-xss.txt

🗓️ 31 Oct 2007 00:00:00Reported by L4teralType

packetstorm🔗 packetstormsecurity.com👁 18 Views

ILIAS web-based learning management <= 3.8.3 XSS vulnerabilit

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`======================================================================  
ILIAS <= 3.8.3 Cross Site Scripting  
======================================================================  
  
Author: L4teral <l4teral [4t] gmail com>  
Impact: Cross Site Scripting  
Status: patch available  
  
  
------------------------------  
Affected software description:  
------------------------------  
  
Application: ILIAS  
Version: <= 3.8.3  
Vendor: http://www.ilias.de  
  
Description:  
ILIAS is a powerful web-based learning management system that allows  
you to easily manage learning resources in an integrated system.  
  
  
--------------  
Vulnerability:  
--------------  
  
The mailing and forum components are vulnerable to cross site scripting.  
  
  
------------  
PoC/Exploit:  
------------  
  
create forum post/mail with:  
http://www.ex"style="width:expression(alert('xss'))"ample.com  
  
http://www.ex"onmouseover="javascript:alert('xss');"ample.com  
  
  
---------  
Solution:  
---------  
  
install security patch:  
http://www.ilias.de/docu/goto.php?target=pg_16836_35&client_id=docu  
  
  
---------  
Timeline:  
---------  
  
17.10.2007 - vendor informed  
25.10.2007 - vendor responded  
29.10.2007 - vendor released patch  
30.10.2007 - public disclosure  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

31 Oct 2007 00:00Current

7.4High risk

Vulners AI Score7.4