CVE-2007-5806

Name of the Vulnerable Software and Affected Versions ILIAS versions 3.8.3 and earlier

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the mailing or forum component. This can be achieved using the style and onmouseover HTML attributes.

Recommendations For ILIAS versions 3.8.3 and earlier, update to a version later than 3.8.3 to resolve the issue. As a temporary workaround, consider restricting the use of the mailing and forum components until a patch is available. Avoid using the style and onmouseover HTML attributes in these components to minimize the risk of exploitation.