Vulnerabilities > Ilias > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-26 CVE-2023-45867 Unspecified vulnerability in Ilias 7.25
ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module.
network
low complexity
ilias
6.5
6.5
2023-06-29 CVE-2023-36484 Cross-site Scripting vulnerability in Ilias
ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS).
network
low complexity
ilias CWE-79
6.1
6.1
2023-06-29 CVE-2023-36488 Cross-site Scripting vulnerability in Ilias
ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS).
network
low complexity
ilias CWE-79
5.4
5.4
2022-12-07 CVE-2022-45916 Cross-site Scripting vulnerability in Ilias
ILIAS before 7.16 allows XSS.
network
low complexity
ilias CWE-79
5.4
5.4
2022-12-07 CVE-2022-45917 Open Redirect vulnerability in Ilias
ILIAS before 7.16 has an Open Redirect.
network
low complexity
ilias CWE-601
6.1
6.1
2022-12-07 CVE-2022-45918 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Ilias
ILIAS before 7.16 allows External Control of File Name or Path.
network
low complexity
ilias CWE-610
6.5
6.5
2021-05-13 CVE-2020-23995 Information Exposure Through an Error Message vulnerability in Ilias
An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.
network
low complexity
ilias CWE-209
6.5
6.5
2021-05-13 CVE-2020-23996 Unspecified vulnerability in Ilias
A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.
network
low complexity
ilias
6.5
6.5
2020-11-10 CVE-2020-25268 Injection vulnerability in Ilias 6.4.0
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.
network
low complexity
ilias CWE-74
6.5
6.5
2019-07-22 CVE-2019-1010237 Cross-site Scripting vulnerability in Ilias
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent).
network
ilias CWE-79
4.3
4.3