CVE-2018-3146Cross-site Scripting in Corporation Ilearning

CWE-79Cross-site Scripting7 documents7 sources
Severity
8.2HIGHNVD
GHSA6.1
EPSS
1.0%
top 23.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation IlearningOracle Ilearning
Timeline
PublishedOct 17
Latest updateMay 13

Description

Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). Supported versions that are affected are 6.1 and 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of t

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.7

Affected Packages2 packages

NVDoracle/ilearning6.1, 6.2+1
CVEListV5oracle_corporation/ilearning6.1, 6.2+1

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-f5mr-9x29-h7w7: Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration)2022-05-13
GHSA
Improper Neutralization of Input During Web Page Generation in LXML2022-05-13
CVEList
CVE-2018-3146: Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration)2018-10-17

📋Vendor Advisories

2
Microsoft
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping allowing a remote attacker to conduct XSS attacks as d2018-12-11
Red Hat
python-lxml: XSS in lxml.html.clean module in lxml/html/clean.py2018-09-09

💬Community

1
Bugzilla
CVE-2018-19787 python-lxml: XSS in lxml.html.clean module in lxml/html/clean.py2018-12-17
CVE-2018-3146 — Cross-site Scripting | cvebase