RSS   Vulnerabilities for 'Ilias'   RSS

2021-05-13
 
CVE-2020-23995

CWE-200
 

 
An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.

 
 
CVE-2020-23996

NVD-CWE-Other
 

 
A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.

 
2020-11-10
 
CVE-2020-25268

CWE-74
 

 
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.

 
 
CVE-2020-25267

CWE-79
 

 
An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.

 
2019-07-22
 
CVE-2019-1010237

CWE-79
 

 
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12.

 
2018-05-23
 
CVE-2018-10428

CWE-79
 

 
ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.

 
2018-05-18
 
CVE-2018-10307

CWE-79
 

 
error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception.

 
 
CVE-2018-10306

CWE-79
 

 
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.

 
2018-05-17
 
CVE-2018-11120

CWE-79
 

 
Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS.

 
 
CVE-2018-11119

CWE-601
 

 
ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top