CVE-2017-15538

Sažetak

Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.

Reference

http://openwall.com/lists/oss-security/2017/10/17/3
https://github.com/ILIAS-eLearning/ILIAS/commit/b2a4660afec1e87d41c83c8e381f549bc6dfc70f
https://lists.ilias.de/pipermail/ilias-admins/2017-October/000053.html
https://www.ilias.de/docu/goto_docu_pg_75377_35.html
https://www.ilias.de/docu/goto_docu_pg_75378_1719.html

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

19-06-2018 - 14:59

Objavljeno

17-10-2017 - 20:29