Vulnerabilities > Ilias
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-07 | CVE-2022-45915 | OS Command Injection vulnerability in Ilias ILIAS before 7.16 allows OS Command Injection. | 8.8 |
| 2022-12-07 | CVE-2022-45916 | Cross-site Scripting vulnerability in Ilias ILIAS before 7.16 allows XSS. | 5.4 |
| 2022-12-07 | CVE-2022-45917 | Open Redirect vulnerability in Ilias ILIAS before 7.16 has an Open Redirect. | 6.1 |
| 2022-12-07 | CVE-2022-45918 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Ilias ILIAS before 7.16 allows External Control of File Name or Path. | 6.5 |
| 2022-06-29 | CVE-2022-31266 | Improper Validation of Integrity Check Value vulnerability in Ilias In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. | 7.5 |
| 2021-05-13 | CVE-2020-23995 | Information Exposure Through an Error Message vulnerability in Ilias An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload. | 6.5 |
| 2021-05-13 | CVE-2020-23996 | Unspecified vulnerability in Ilias A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data. | 6.5 |
| 2020-11-10 | CVE-2020-25268 | Injection vulnerability in Ilias 6.4.0 Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data. | 6.5 |
| 2020-11-10 | CVE-2020-25267 | Cross-site Scripting vulnerability in Ilias 6.4.0 An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. | 3.5 |
| 2019-07-22 | CVE-2019-1010237 | Cross-site Scripting vulnerability in Ilias Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). | 4.3 |