Vulnerabilities > Ilias > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-26 | CVE-2023-45869 | Cross-site Scripting vulnerability in Ilias 7.25 ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. | 9.0 |
| 2023-06-29 | CVE-2023-36487 | Unspecified vulnerability in Ilias The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. | 9.8 |