CVE

Id
29163  
CVE No.
CVE-2007-5806  
Status
Candidate  
Description
Cross-site scripting (XSS) vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the (1) mailing or (2) forum component, as demonstrated using the style and onmouseover HTML attributes.  
Phase
Assigned (20071105)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
305953 29163 CVE-2007-5806 BUGTRAQ:20071030 ILIAS <= 3.8.3 Cross Site Scripting  View
305954 29163 CVE-2007-5806 URL:http://www.securityfocus.com/archive/1/archive/1/483011/100/0/threaded  View
305955 29163 CVE-2007-5806 CONFIRM:http://downloads.sourceforge.net/ilias/ilias.3.8.3.security.patch.zip  View
305956 29163 CVE-2007-5806 CONFIRM:http://www.ilias.de/docu/goto.php?target=st_229_35&client_id=docu  View
305957 29163 CVE-2007-5806 BID:26264  View
305958 29163 CVE-2007-5806 URL:http://www.securityfocus.com/bid/26264  View
305959 29163 CVE-2007-5806 OSVDB:38328  View
305960 29163 CVE-2007-5806 URL:http://osvdb.org/38328  View
305961 29163 CVE-2007-5806 SECUNIA:27457  View
305962 29163 CVE-2007-5806 URL:http://secunia.com/advisories/27457  View
305963 29163 CVE-2007-5806 SREASON:3340  View
305964 29163 CVE-2007-5806 URL:http://securityreason.com/securityalert/3340  View
305965 29163 CVE-2007-5806 XF:ilias-mail-forum-xss(38171)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
52231 JVNDB-2007-000921 Groupmax Collaboration の Schedule における表示すべきでない情報が表示される問題 Groupmax Collaboration の Schedule には、スケジュールポートレットに表示すべきでない情報が表示されてしまう問題が存在します。 CVE-2007-5808 29163 4 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000921.html  View