mjansen

8 exploits, active since Jan 2018
CVE-2018-10306 WRITEUP MEDIUM
ILIAS 5.1.0-5.3.3 - Cross-Site Scripting via Invalid Date Input
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.
CVSS 6.1
CVE-2018-11118 WRITEUP MEDIUM
ILIAS 5.1.0-5.1.25, 5.2.x, 5.3.0-5.3.4 - Cross-Site Scripting via RSS Feed URI
The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.
CVSS 6.1
CVE-2018-5688 WRITEUP MEDIUM
ILIAS < 5.2.4 - Cross-Site Scripting via Setup Component cmd Parameter
ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
CVSS 6.1
CVE-2019-1010237 WRITEUP MEDIUM
ILIAS 5.2.0-5.2.20 - Stored Cross-Site Scripting in Assessment TestQuestionPool
ILIAS 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12.
CVSS 6.1
CVE-2018-10307 WRITEUP MEDIUM
ILIAS 5.2.0-5.3.3 - Cross-Site Scripting via PDO Exception Text
error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception.
CVSS 6.1