CVE-2017-15538

Опубликовано: 17 окт. 2017

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.

Ссылки

http://openwall.com/lists/oss-security/2017/10/17/3
Mailing List
Patch
Third Party Advisory
https://github.com/ILIAS-eLearning/ILIAS/commit/b2a4660afec1e87d41c83c8e381f549bc6dfc70f
Issue Tracking
Patch
Third Party Advisory
https://lists.ilias.de/pipermail/ilias-admins/2017-October/000053.html
Vendor Advisory
https://www.ilias.de/docu/goto_docu_pg_75377_35.html
Issue Tracking
Release Notes
Vendor Advisory
https://www.ilias.de/docu/goto_docu_pg_75378_1719.html
Issue Tracking
Release Notes
Vendor Advisory
http://openwall.com/lists/oss-security/2017/10/17/3
Mailing List
Patch
Third Party Advisory
https://github.com/ILIAS-eLearning/ILIAS/commit/b2a4660afec1e87d41c83c8e381f549bc6dfc70f
Issue Tracking
Patch
Third Party Advisory
https://lists.ilias.de/pipermail/ilias-admins/2017-October/000053.html
Vendor Advisory
https://www.ilias.de/docu/goto_docu_pg_75377_35.html
Issue Tracking
Release Notes
Vendor Advisory
https://www.ilias.de/docu/goto_docu_pg_75378_1719.html
Issue Tracking
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*

Версия до 5.1.21 (включая)

cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*

Версия от 5.2.0 (включая) до 5.2.9 (исключая)

EPSS

Процентиль: 62%

0.00433

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2017-15538

CVSS3: 5.4

debian

около 8 лет назад

Stored XSS vulnerability in the Media Objects component of ILIAS befor ...

GHSA-24w6-c727-ccr9

CVSS3: 5.4

github

больше 3 лет назад

EPSS

Процентиль: 62%

0.00433

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79