Design/Logic Flaw

2018-05-1713:29:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

40.0%

JSON

The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.

CPENameOperatorVersion
iliasge5.1.0
iliasle5.1.26
iliasge5.2.0
iliasle5.2.15
iliasge5.3.0
iliasle5.3.4
iliaseq5.2.0 beta3
iliaseq5.2.0 beta2
iliaseq5.2.0 beta1
iliaseq5.1.0 beta1

Name	Operator	Version
ilias	ge	5.1.0
ilias	le	5.1.26
ilias	ge	5.2.0
ilias	le	5.2.15
ilias	ge	5.3.0
ilias	le	5.3.4
ilias	eq	5.2.0 beta3
ilias	eq	5.2.0 beta2
ilias	eq	5.2.0 beta1
ilias	eq	5.1.0 beta1

References

github.com/ILIAS-eLearning/ILIAS/commit/6b2217c31b6974788a5c787413454475687b44bb

github.com/ILIAS-eLearning/ILIAS/commit/d0dcad1b1e729f694acd0582bc626c7c8e62b519

www.ilias.de/docu/goto.php?target=st_229

0.001 Low

EPSS

Percentile

40.0%

JSON

Related for PRION:CVE-2018-11118