Stored XSS vulnerability in ILIAS Media Objects Component Allows for Administrator Privilege Escalation

Stored XSS vulnerability in ILIAS Media Objects Component Allows for Administrator Privilege Escalation

CVE-2017-15538 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.

Learn more about our User Device Pen Test.