Vulnerabilities > Ilias

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2023-12-25 | CVE-2023-36485 | Unspecified vulnerability in Ilias | The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. | network | low | ilias | 7.2 |
| 2023-12-25 | CVE-2023-36486 | Unspecified vulnerability in Ilias | The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. | network | low | ilias | 7.2 |
| 2023-10-26 | CVE-2023-45867 | Unspecified vulnerability in Ilias 7.25 | ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. | network | low | ilias | 6.5 |
| 2023-10-26 | CVE-2023-45868 | Path Traversal vulnerability in Ilias 7.25 | The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. | network | low | ilias CWE-22 | 8.1 |
| 2023-10-26 | CVE-2023-45869 | Cross-site Scripting vulnerability in Ilias 7.25 | ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. | network | low | ilias CWE-79 | 9.0 (critical) |
| 2023-06-29 | CVE-2023-36484 | Cross-site Scripting vulnerability in Ilias | ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS). | network | low | ilias CWE-79 | 6.1 |
| 2023-06-29 | CVE-2023-36487 | Unspecified vulnerability in Ilias | The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. | network | low | ilias | 9.8 (critical) |
| 2023-06-29 | CVE-2023-36488 | Cross-site Scripting vulnerability in Ilias | ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS). | network | low | ilias CWE-79 | 5.4 |
| 2022-12-07 | CVE-2022-45915 | OS Command Injection vulnerability in Ilias | ILIAS before 7.16 allows OS Command Injection. | network | low | ilias CWE-78 | 8.8 |
| 2022-12-07 | CVE-2022-45916 | Cross-site Scripting vulnerability in Ilias | ILIAS before 7.16 allows XSS. | network | low | ilias CWE-79 | 5.4 |