CVE-2018-10306

Sažetak

Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.

Reference

https://github.com/ILIAS-eLearning/ILIAS/commit/95870b2db3e71154102b2cd2f05334fc741c6e39
https://github.com/ILIAS-eLearning/ILIAS/commit/eb0272c8023818b1eb10a93e115c9e7960b62a62
https://www.ilias.de/docu/goto_docu_pg_116799_35.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

19-06-2018 - 15:12

Objavljeno

18-05-2018 - 13:29