Overview
- Description
- Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2FCDD5A5-A108-4618-AB21-B6846FF59472",
"versionEndIncluding": "5.1.21"
},
{
"criteria": "cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "516BEB53-5FE4-465E-992D-9033DC4664E9",
"versionEndExcluding": "5.2.9",
"versionStartIncluding": "5.2.0"
}
],
"operator": "OR"
}
]
}
]