Vulnerabilities > Ilias > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-10 | CVE-2020-25267 | Cross-site Scripting vulnerability in Ilias 6.4.0 An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. | 3.5 |
| 2017-10-17 | CVE-2017-15538 | Cross-site Scripting vulnerability in Ilias Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php. | 3.5 |
| 2014-03-02 | CVE-2014-2090 | Cross-Site Scripting vulnerability in Ilias 4.4.1 Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter. | 3.5 |