← back
CVE-2007-5806

CVE-2007-5806

EPSS 1.3%
Cross-site scripting (XSS) vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the (1) mailing or (2) forum component, as demonstrated using the style and onmouseover HTML attributes.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://downloads.sourceforge.net/ilias/ilias.3.8.3.security.patch.ziphttp://osvdb.org/38328http://secunia.com/advisories/27457http://securityreason.com/securityalert/3340https://exchange.xforce.ibmcloud.com/vulnerabilities/38171http://www.ilias.de/docu/goto.php?target=st_229_35&client_id=docuhttp://www.securityfocus.com/archive/1/483011/100/0/threadedhttp://www.securityfocus.com/bid/26264