PT-2017-14093 · Ilias · Ilias

Chbi · Published 2017-10-17 · Updated 2018-06-19 · CVE-2017-15538

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ILIAS versions prior to 5.1.21
ILIAS versions 5.2.x prior to 5.2.9

Description

A stored XSS issue in the Media Objects component allows an authenticated user to inject JavaScript, potentially gaining administrator privileges. This is related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.

Recommendations

For ILIAS versions prior to 5.1.21, update to version 5.1.21 or later. For ILIAS versions 5.2.x prior to 5.2.9, update to version 5.2.9 or later. As a temporary workaround, consider restricting access to the Media Objects component until a patch is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-15538

Affected Products

Ilias