CVE-2017-15538

{"id": "CVE-2017-15538", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2017-10-17T20:29:00.197", "references": [{"url": "http://openwall.com/lists/oss-security/2017/10/17/3", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/ILIAS-eLearning/ILIAS/commit/b2a4660afec1e87d41c83c8e381f549bc6dfc70f", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.ilias.de/pipermail/ilias-admins/2017-October/000053.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ilias.de/docu/goto_docu_pg_75377_35.html", "tags": ["Issue Tracking", "Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ilias.de/docu/goto_docu_pg_75378_1719.html", "tags": ["Issue Tracking", "Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://openwall.com/lists/oss-security/2017/10/17/3", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/ILIAS-eLearning/ILIAS/commit/b2a4660afec1e87d41c83c8e381f549bc6dfc70f", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.ilias.de/pipermail/ilias-admins/2017-October/000053.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ilias.de/docu/goto_docu_pg_75377_35.html", "tags": ["Issue Tracking", "Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ilias.de/docu/goto_docu_pg_75378_1719.html", "tags": ["Issue Tracking", "Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php."}, {"lang": "es", "value": "Vulnerabilidad Cross-Site Scripting (XSS) persistente en el componente Media Objects de ILIAS en versiones anteriores a 5.1.21 y 5.2.x anteriores a 5.2.9 permite que un usuario autenticado inyecte JavaScript para obtener privilegios de administrador, relacionado con la funci\u00f3n setParameter en Services/MediaObjects/classes/class.ilMediaItem.php."}], "lastModified": "2024-11-21T03:14:44.647", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FCDD5A5-A108-4618-AB21-B6846FF59472", "versionEndIncluding": "5.1.21"}, {"criteria": "cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "516BEB53-5FE4-465E-992D-9033DC4664E9", "versionEndExcluding": "5.2.9", "versionStartIncluding": "5.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}