PT-2017-14093 · Ilias · Ilias
Chbi
·
Publicado
2017-10-17
·
Atualizado
2018-06-19
·
CVE-2017-15538
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ILIAS versions prior to 5.1.21
ILIAS versions 5.2.x prior to 5.2.9
Description
A stored XSS issue in the Media Objects component allows an authenticated user to inject JavaScript, potentially gaining administrator privileges. This is related to the
setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.Recommendations
For ILIAS versions prior to 5.1.21, update to version 5.1.21 or later.
For ILIAS versions 5.2.x prior to 5.2.9, update to version 5.2.9 or later.
As a temporary workaround, consider restricting access to the Media Objects component until a patch is applied.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ilias