Vulnerabilities > Ilias
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-25 | CVE-2023-36485 | Unspecified vulnerability in Ilias The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. | 7.2 |
| 2023-12-25 | CVE-2023-36486 | Unspecified vulnerability in Ilias The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. | 7.2 |
| 2023-10-26 | CVE-2023-45867 | Unspecified vulnerability in Ilias 7.25 ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. | 6.5 |
| 2023-10-26 | CVE-2023-45868 | Path Traversal vulnerability in Ilias 7.25 The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. | 8.1 |
| 2023-10-26 | CVE-2023-45869 | Cross-site Scripting vulnerability in Ilias 7.25 ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. | 9.0 |
| 2023-06-29 | CVE-2023-36484 | Cross-site Scripting vulnerability in Ilias ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS). | 6.1 |
| 2023-06-29 | CVE-2023-36487 | Unspecified vulnerability in Ilias The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. | 9.8 |
| 2023-06-29 | CVE-2023-36488 | Cross-site Scripting vulnerability in Ilias ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS). | 5.4 |
| 2022-12-07 | CVE-2022-45915 | OS Command Injection vulnerability in Ilias ILIAS before 7.16 allows OS Command Injection. | 8.8 |
| 2022-12-07 | CVE-2022-45916 | Cross-site Scripting vulnerability in Ilias ILIAS before 7.16 allows XSS. | 5.4 |