Vulnerabilities > Ilias > Ilias > 5.2.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-23 | CVE-2018-10428 | Cross-site Scripting vulnerability in Ilias ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting. | 4.3 |
| 2018-05-18 | CVE-2018-10307 | Cross-site Scripting vulnerability in Ilias error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception. | 4.3 |
| 2018-05-18 | CVE-2018-10306 | Cross-site Scripting vulnerability in Ilias Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date. | 4.3 |
| 2018-05-17 | CVE-2018-11120 | Cross-site Scripting vulnerability in Ilias Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS. | 4.3 |
| 2018-05-17 | CVE-2018-11119 | Open Redirect vulnerability in Ilias ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter. | 5.8 |
| 2018-05-17 | CVE-2018-11118 | Cross-site Scripting vulnerability in Ilias The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php. | 4.3 |
| 2018-05-17 | CVE-2018-11117 | Cross-site Scripting vulnerability in Ilias Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute. | 4.3 |
| 2017-10-17 | CVE-2017-15538 | Cross-site Scripting vulnerability in Ilias Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php. | 3.5 |