Vulnerabilities > Ilias

DATE CVE VULNERABILITY TITLE RISK
2022-12-07 CVE-2022-45917 Open Redirect vulnerability in Ilias
ILIAS before 7.16 has an Open Redirect.
network
low complexity
ilias CWE-601
6.1
2022-12-07 CVE-2022-45918 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Ilias
ILIAS before 7.16 allows External Control of File Name or Path.
network
low complexity
ilias CWE-610
6.5
2022-06-29 CVE-2022-31266 Missing Authentication for Critical Function vulnerability in Ilias
In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.
network
low complexity
ilias CWE-306
4.3
2021-05-13 CVE-2020-23995 Information Exposure Through an Error Message vulnerability in Ilias
An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.
network
low complexity
ilias CWE-209
6.5
2021-05-13 CVE-2020-23996 Unspecified vulnerability in Ilias
A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.
network
low complexity
ilias
8.8
2020-11-10 CVE-2020-25268 Argument Injection or Modification vulnerability in Ilias 6.4.0
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.
network
low complexity
ilias CWE-88
8.8
2020-11-10 CVE-2020-25267 Cross-site Scripting vulnerability in Ilias 6.4.0
An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.
network
low complexity
ilias CWE-79
5.4
2019-07-22 CVE-2019-1010237 Cross-site Scripting vulnerability in Ilias
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent).
network
low complexity
ilias CWE-79
6.1
2018-05-23 CVE-2018-10428 Cross-site Scripting vulnerability in Ilias
ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
network
low complexity
ilias CWE-79
6.1
2018-05-18 CVE-2018-10307 Cross-site Scripting vulnerability in Ilias
error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception.
network
low complexity
ilias CWE-79
6.1