CVE-2017-15538

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.ilias.de/docu/goto_docu_pg_75378_1719.html", "name": "https://www.ilias.de/docu/goto_docu_pg_75378_1719.html", "tags": ["Issue Tracking", "Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://www.ilias.de/docu/goto_docu_pg_75377_35.html", "name": "https://www.ilias.de/docu/goto_docu_pg_75377_35.html", "tags": ["Issue Tracking", "Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://lists.ilias.de/pipermail/ilias-admins/2017-October/000053.html", "name": "https://lists.ilias.de/pipermail/ilias-admins/2017-October/000053.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://github.com/ILIAS-eLearning/ILIAS/commit/b2a4660afec1e87d41c83c8e381f549bc6dfc70f", "name": "https://github.com/ILIAS-eLearning/ILIAS/commit/b2a4660afec1e87d41c83c8e381f549bc6dfc70f", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://openwall.com/lists/oss-security/2017/10/17/3", "name": "http://openwall.com/lists/oss-security/2017/10/17/3", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-15538", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}}, "publishedDate": "2017-10-17T20:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.1.21"}, {"cpe23Uri": "cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.2.9", "versionStartIncluding": "5.2.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-06-19T14:59Z"}