CVE-2017-15538
Published
CVSS v3
N/A
CVSS v2
3.5
LOW
Affected
1
PROJECT
Description
Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.
GitHub repository for official ILIAS release branches and development branches (trunk)
GitHub