Security Advisory

CVE-2017-15538

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-10-17 20:00:00

Last updated 2024-09-17 00:10:44

Assigner mitre

State PUBLISHED

Description

Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.

← Browse all CVEs View on cve.org ↗