|
Description
|
|
Vulnerability Lab has discovered a vulnerability in ILIAS, which can be exploited by malicious users to conduct script insertion attacks.
Input passed via the "note" POST parameter to ilias.php (when "cmd[updateNote]" is set to "Update Comment" and "note_id" is set to a valid note id) is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.
The vulnerability is confirmed in version 4.3.4. Prior versions may also be affected.
|
