CVE-2018-10306
MEDIUMILIAS 5.1.0-5.3.3 - Cross-Site Scripting via Invalid Date Input
Title source: llmDescription
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.
References (3)
Core 3
Core References
Patch x_refsource_misc
https://github.com/ILIAS-eLearning/ILIAS/commit/95870b2db3e71154102b2cd2f05334fc741c6e39
Release Notes x_refsource_misc
https://www.ilias.de/docu/goto_docu_pg_116799_35.html
Scores
CVSS v3
6.1
EPSS
0.0115
EPSS Percentile
62.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
ilias/ilias
5.1.0 - 5.3.4
Published
May 18, 2018
Tracked Since
Feb 18, 2026