oss-sec mailing list archives
Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20
From: chbi () chbi eu
Date: Wed, 18 Oct 2017 18:58:48 +0200
A stored XSS vulnerability in the media object component allows an authenticated user to inject JavaScript to gain administrator privileges. Fix: https://github.com/ILIAS-eLearning/ILIAS/commit/b2a4660afec1e87d41c83c8e381f549bc6dfc70f
CVE-2017-15538 has been assigned. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15538 -- chbi https://chbi.eu GPG: 3DE9 9187 4BE9 EAE6 3CA8 DC20 BA7B 93F9 9037 AE7E https://chbi.eu/chbi.asc
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 chbi (Oct 17)
- Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 chbi (Oct 18)
- Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 Dollar Strike (Oct 19)
- Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 chbi (Oct 18)