CVE-2018-5688

CVE: CVE-2018-5688
Published: 2018-01-14T20:29Z
Vendor: ilias
Products: ilias
Versions: 4.4.1,
Description Language: en
Description: ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
References:
https://github.com/ILIAS-eLearning/ILIAS/commit/c0f326d05231072e33679b84835c03d5043255cb
https://www.exploit-db.com/exploits/43595/
https://www.ilias.de/docu/goto_docu_pg_75029_35.html