Vulnerabilities > Ilias > Ilias > 5.1.25
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-18 | CVE-2018-10306 | Cross-site Scripting vulnerability in Ilias Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date. | 4.3 |
| 2018-05-17 | CVE-2018-11120 | Cross-site Scripting vulnerability in Ilias Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS. | 4.3 |
| 2018-05-17 | CVE-2018-11119 | Open Redirect vulnerability in Ilias ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter. | 5.8 |
| 2018-05-17 | CVE-2018-11118 | Cross-site Scripting vulnerability in Ilias The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php. | 4.3 |
| 2018-05-17 | CVE-2018-11117 | Cross-site Scripting vulnerability in Ilias Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute. | 4.3 |
| 2018-01-14 | CVE-2018-5688 | Cross-site Scripting vulnerability in Ilias ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component. | 4.3 |
| 2017-04-07 | CVE-2017-7583 | Cross-site Scripting vulnerability in Ilias ILIAS before 5.2.3 has XSS via SVG documents. | 4.3 |