Vulnerabilities > Ilias > Ilias > 4.4.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-14 | CVE-2018-5688 | Cross-site Scripting vulnerability in Ilias ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component. | 4.3 |
| 2017-10-17 | CVE-2017-15538 | Cross-site Scripting vulnerability in Ilias Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php. | 3.5 |
| 2017-04-07 | CVE-2017-7583 | Cross-site Scripting vulnerability in Ilias ILIAS before 5.2.3 has XSS via SVG documents. | 4.3 |
| 2014-03-02 | CVE-2014-2090 | Cross-Site Scripting vulnerability in Ilias 4.4.1 Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter. | 3.5 |
| 2014-03-02 | CVE-2014-2089 | Code Injection vulnerability in Ilias 4.4.1 ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname. | 6.8 |
| 2014-03-02 | CVE-2014-2088 | Unspecified vulnerability in Ilias 4.4.1 Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname. | 6.5 |