ILIAS CMS 5.2.3 Cross Site Scripting

ILIAS CMS versions 5.2.3 and below suffer from a cross site scripting vulnerability.

MD5 | c9a8e18c5fc3b7b6fc07c6a03891a012

Product & Service Introduction:

ILIAS is a web-based learning management system (LMS, VLE). Features:
Courses, SCORM 1.2 and 2004, mail, forum, chat, groups, podcast, file
sharing, authoring, CMS, test, wiki, personal desktop, LOM, LDAP, role
based access.

(Copy of the Homepage: )

Severity Level: Medium

A cross-site scripting vulnerability has been discovered in ILIAS CMS that
affects all versions up to and including 5.2.3. This vulnerability has been
fixed in version 5.2.4. The vulnerability affects the cmd parameter in the
Setup section, which led to an alert.

Proof of Concept (PoC):

Vulnerability was found at :

Parameter Affected:
- cmd

Vulnerability affected at :

Payload used:

Dork: inurl:/setup/setup.php?cmd=

Credits & Authors: Florian Kunushevci
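
For sites that cannot yet upgrade to 5.2.4, the following added example (not part of the original advisory or of ILIAS) scans web-server access logs for requests to the setup script whose cmd value is not a plain identifier. It assumes combined-format logs, the /setup/setup.php path shown in the dork above, and that legitimate cmd values contain only letters, digits and underscores; the function names and sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate cmd values are plain identifiers.
SAFE_CMD = re.compile(r"[A-Za-z0-9_]*")
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2018:10:00:00 +0000] "GET /setup/setup.php?cmd=login HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2018:10:00:05 +0000] "GET /setup/setup.php?cmd=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5342',
    '198.51.100.7 - - [01/Jan/2018:10:00:09 +0000] "GET /setup/setup.php?cmd=%253Csvg HTTP/1.1" 200 5301',
    '192.0.2.10 - - [01/Jan/2018:10:00:12 +0000] "GET /index.php?cmd=%3Cb%3E HTTP/1.1" 200 811',
]


def suspicious_cmd_values(log_line):
    """Return decoded cmd values sent to setup.php that are not plain identifiers."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    try:
        target = urlsplit(match.group(1))
    except ValueError:
        return []
    if not target.path.lower().endswith("/setup/setup.php"):
        return []
    # parse_qs percent-decodes once, so encoded markup is checked in decoded
    # form and double-encoded input still fails the check (a '%' remains).
    values = parse_qs(target.query, keep_blank_values=True).get("cmd", [])
    return [v for v in values if not SAFE_CMD.fullmatch(v)]


def scan(lines):
    """Return (line_number, values) for each log line with a suspicious cmd value."""
    hits = []
    for number, line in enumerate(lines, 1):
        values = suspicious_cmd_values(line)
        if values:
            hits.append((number, values))
    return hits


if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious cmd value(s): {values!r}")
```

Hits show only that such a request was made; whether the response reflected the value depends on the installed version.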
