Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5806

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-5806
Last Modified 15 Nov 2008 02:02:19
Published 05 Nov 2007 12:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5806

Summary

Cross-site scripting (XSS) vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the (1) mailing or (2) forum component, as demonstrated using the style and onmouseover HTML attributes.

Vulnerable Systems

Application

  • Ilias 3.8

  • Ilias 3.8.1

  • Ilias 3.8.2

  • Ilias 3.8.3


References

BID - 26264

CONFIRM - http://www.ilias.de/docu/goto.php?target=st_229_35&client_id=docu

CONFIRM - http://downloads.sourceforge.net/ilias/ilias.3.8.3.security.patch.zip

BUGTRAQ - 20071030 ILIAS <= 3.8.3 Cross Site Scripting

OSVDB - 38328

XF - ilias-mail-forum-xss(38171)

SREASON - 3340

SECUNIA - 27457


Last Updated: 27 May 2016 10:46:17