Vulnerabilities > Ilias

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR / CWE | RISK |
|---|---|---|---|---|---|
| 2021-05-13 | CVE-2020-23995 | Information Exposure vulnerability in Ilias | An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload. | ilias CWE-200 | network, low complexity, 4.0 |
| 2021-05-13 | CVE-2020-23996 | Unspecified vulnerability in Ilias | A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data. | ilias | network, low complexity, 6.5 |
| 2020-11-10 | CVE-2020-25268 | Injection vulnerability in Ilias 6.4.0 | Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data. | ilias CWE-74 | network, low complexity, 6.5 |
| 2020-11-10 | CVE-2020-25267 | Cross-site Scripting vulnerability in Ilias 6.4.0 | An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. | ilias CWE-79 | network, 3.5 |
| 2019-07-22 | CVE-2019-1010237 | Cross-site Scripting vulnerability in Ilias | Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). | ilias CWE-79 | network, 4.3 |
| 2018-05-23 | CVE-2018-10428 | Cross-site Scripting vulnerability in Ilias | ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting. | ilias CWE-79 | network, 4.3 |
| 2018-05-18 | CVE-2018-10307 | Cross-site Scripting vulnerability in Ilias | error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception. | ilias CWE-79 | network, 4.3 |
| 2018-05-18 | CVE-2018-10306 | Cross-site Scripting vulnerability in Ilias | Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date. | ilias CWE-79 | network, 4.3 |
| 2018-05-17 | CVE-2018-11120 | Cross-site Scripting vulnerability in Ilias | Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS. | ilias CWE-79 | network, 4.3 |
| 2018-05-17 | CVE-2018-11119 | Open Redirect vulnerability in Ilias | ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter. | ilias CWE-601 | network, 5.8 |