Vulnerability Details CVE-2018-10665
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://github.com/ILIAS-eLearning/ILIAS/commit/3fe6aa778ca06080cf1b7303cbc458aa0c42392a
- https://github.com/ILIAS-eLearning/ILIAS/commit/c9c9211bd689f2dda02006159e69a856eae8944d
- https://www.openbugbounty.org/reports/608858/
- https://github.com/ILIAS-eLearning/ILIAS/commit/3fe6aa778ca06080cf1b7303cbc458aa0c42392a
- https://github.com/ILIAS-eLearning/ILIAS/commit/c9c9211bd689f2dda02006159e69a856eae8944d
- https://www.openbugbounty.org/reports/608858/