Vulnerabilities > Ilias
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-07 | CVE-2022-45917 | Open Redirect vulnerability in Ilias ILIAS before 7.16 has an Open Redirect. | 6.1 |
| 2022-12-07 | CVE-2022-45918 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Ilias ILIAS before 7.16 allows External Control of File Name or Path. | 6.5 |
| 2022-06-29 | CVE-2022-31266 | Improper Validation of Integrity Check Value vulnerability in Ilias In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. | 9.8 |
| 2021-05-13 | CVE-2020-23995 | Information Exposure Through an Error Message vulnerability in Ilias An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload. | 6.5 |
| 2021-05-13 | CVE-2020-23996 | Unspecified vulnerability in Ilias A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data. | 6.5 |
| 2020-11-10 | CVE-2020-25268 | Injection vulnerability in Ilias 6.4.0 Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data. | 6.5 |
| 2020-11-10 | CVE-2020-25267 | Cross-site Scripting vulnerability in Ilias 6.4.0 An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. | 3.5 |
| 2019-07-22 | CVE-2019-1010237 | Cross-site Scripting vulnerability in Ilias Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). | 4.3 |
| 2018-05-23 | CVE-2018-10428 | Cross-site Scripting vulnerability in Ilias ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting. | 4.3 |
| 2018-05-18 | CVE-2018-10307 | Cross-site Scripting vulnerability in Ilias error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception. | 4.3 |