Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-10-17 20:29
Updated : 2025-04-20 01:37
NVD link : CVE-2017-15538
Mitre link : CVE-2017-15538
CVE.ORG link : CVE-2017-15538
JSON object : View
Products Affected
ilias
- ilias
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')