oss-sec mailing list archives
Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20
From: Dollar Strike <dollarstrike163 () gmail com>
Date: Thu, 19 Oct 2017 09:57:45 +0530
I just skimmed through the fix, I am trying to understand how does this function if (is_int(strpos(strtolower($a_val), "javascript"))) sanitize the input as below payloads 1. %22%7D%5D%7D%29%3Balert%280%29%3B --------> "}]});alert(0); 2. %27%27%3B%21--%22%3CXSS%3E%3D%26%7B%28%29%7D ---> '';!--"<XSS>=&{()} On Wed, Oct 18, 2017 at 10:28 PM, <chbi () chbi eu> wrote:
A stored XSS vulnerability in the media object component allows an authenticated user to inject JavaScript to gain administrator privileges. Fix: https://github.com/ILIAS-eLearning/ILIAS/commit/b2a4660afec1e87d41c83c8e381f549bc6dfc70fCVE-2017-15538 has been assigned. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15538 -- chbi https://chbi.eu GPG: 3DE9 9187 4BE9 EAE6 3CA8 DC20 BA7B 93F9 9037 AE7E https://chbi.eu/chbi.asc
Current thread:
- Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 chbi (Oct 17)
- Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 chbi (Oct 18)
- Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 Dollar Strike (Oct 19)
- Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 chbi (Oct 18)