Cross site scripting

2017-10-1720:29:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%

JSON

Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.

CPENameOperatorVersion
iliasle5.1.21
iliasge5.2.0
iliaslt5.2.9

Name	Operator	Version
ilias	le	5.1.21
ilias	ge	5.2.0
ilias	lt	5.2.9

References

openwall.com/lists/oss-security/2017/10/17/3

github.com/ILIAS-eLearning/ILIAS/commit/b2a4660afec1e87d41c83c8e381f549bc6dfc70f

lists.ilias.de/pipermail/ilias-admins/2017-October/000053.html

www.ilias.de/docu/goto_docu_pg_75377_35.html

www.ilias.de/docu/goto_docu_pg_75378_1719.html