Vulnerabilities > Ilias > Ilias > 5.2.13

DATE CVE VULNERABILITY TITLE RISK
2018-05-23 CVE-2018-10428 Cross-site Scripting vulnerability in Ilias
ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
network
ilias CWE-79
4.3
4.3
2018-05-18 CVE-2018-10307 Cross-site Scripting vulnerability in Ilias
error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception.
network
ilias CWE-79
4.3
4.3
2018-05-18 CVE-2018-10306 Cross-site Scripting vulnerability in Ilias
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.
network
ilias CWE-79
4.3
4.3
2018-05-17 CVE-2018-11120 Cross-site Scripting vulnerability in Ilias
Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS.
network
ilias CWE-79
4.3
4.3
2018-05-17 CVE-2018-11119 Open Redirect vulnerability in Ilias
ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.
network
ilias CWE-601
5.8
5.8
2018-05-17 CVE-2018-11118 Cross-site Scripting vulnerability in Ilias
The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.
network
ilias CWE-79
4.3
4.3
2018-05-17 CVE-2018-11117 Cross-site Scripting vulnerability in Ilias
Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute.
network
ilias CWE-79
4.3
4.3