oss-sec mailing list archives

Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20


From: chbi () chbi eu
Date: Tue, 17 Oct 2017 19:43:56 +0200

Hi,

I've discovered a security issue in ILIAS <= 5.2.8 and <= 5.1.20
(https://www.ilias.de)


A stored XSS vulnerability in the media object component allows an
authenticated user to inject JavaScript to gain administrator privileges.


Fix:
https://github.com/ILIAS-eLearning/ILIAS/commit/b2a4660afec1e87d41c83c8e381f549bc6dfc70f


The issue is fixed in ILIAS 5.2.9 and 5.1.21.

https://www.ilias.de/docu/goto_docu_pg_75377_35.html
https://www.ilias.de/docu/goto_docu_pg_75378_1719.html


I've requested a CVE ID (MITRE).

-- 
chbi
https://chbi.eu

GPG: 3DE9 9187 4BE9 EAE6 3CA8  DC20 BA7B 93F9 9037 AE7E
     https://chbi.eu/chbi.asc

Attachment: signature.asc
Description: OpenPGP digital signature

