Vulnerabilities > Ilias > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-26 CVE-2023-45867 Unspecified vulnerability in Ilias 7.25
ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module.
network
low complexity
ilias
6.5
6.5
2023-06-29 CVE-2023-36484 Cross-site Scripting vulnerability in Ilias
ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS).
network
low complexity
ilias CWE-79
6.1
6.1
2023-06-29 CVE-2023-36488 Cross-site Scripting vulnerability in Ilias
ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS).
network
low complexity
ilias CWE-79
5.4
5.4
2022-12-07 CVE-2022-45916 Cross-site Scripting vulnerability in Ilias
ILIAS before 7.16 allows XSS.
network
low complexity
ilias CWE-79
5.4
5.4
2022-12-07 CVE-2022-45917 Open Redirect vulnerability in Ilias
ILIAS before 7.16 has an Open Redirect.
network
low complexity
ilias CWE-601
6.1
6.1
2022-12-07 CVE-2022-45918 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Ilias
ILIAS before 7.16 allows External Control of File Name or Path.
network
low complexity
ilias CWE-610
6.5
6.5
2022-06-29 CVE-2022-31266 Missing Authentication for Critical Function vulnerability in Ilias
In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.
network
low complexity
ilias CWE-306
4.3
4.3
2021-05-13 CVE-2020-23995 Information Exposure Through an Error Message vulnerability in Ilias
An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.
network
low complexity
ilias CWE-209
6.5
6.5
2020-11-10 CVE-2020-25267 Cross-site Scripting vulnerability in Ilias 6.4.0
An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.
network
low complexity
ilias CWE-79
5.4
5.4
2019-07-22 CVE-2019-1010237 Cross-site Scripting vulnerability in Ilias
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent).
network
low complexity
ilias CWE-79
6.1
6.1