VYPR

Ilias

by Ilias

CVEs (43)

  • CVE-2023-45868 | Oct 26, 2023
    risk 0.00 | cvss | epss 0.01

    The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified…

  • CVE-2023-45867 | Oct 26, 2023
    risk 0.00 | cvss | epss 0.01

    ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially…

  • CVE-2023-45869 | Oct 26, 2023
    risk 0.00 | cvss | epss 0.01

    ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class…

  • CVE-2023-36484 | Jun 29, 2023
    risk 0.00 | cvss | epss 0.00

    ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS).

  • CVE-2023-36488 | Jun 29, 2023
    risk 0.00 | cvss | epss 0.00

    ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS).

  • CVE-2023-36487 | Jun 29, 2023
    risk 0.00 | cvss | epss 0.01

    The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account.

  • CVE-2022-45918 | Dec 7, 2022
    risk 0.00 | cvss | epss 0.01

    ILIAS before 7.16 allows External Control of File Name or Path.

  • CVE-2022-45916 | Dec 7, 2022
    risk 0.00 | cvss | epss 0.01

    ILIAS before 7.16 allows XSS.

  • CVE-2022-45915 | Dec 7, 2022
    risk 0.00 | cvss | epss 0.05

    ILIAS before 7.16 allows OS Command Injection.

  • CVE-2022-31266 | Jun 29, 2022
    risk 0.00 | cvss | epss 0.01

    In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.

  • CVE-2020-23996 | May 13, 2021
    risk 0.00 | cvss | epss 0.02

    A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.

  • CVE-2020-23995 | May 13, 2021
    risk 0.00 | cvss | epss 0.02

    An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.

  • CVE-2020-25268 | Nov 10, 2020
    risk 0.00 | cvss | epss 0.02

    Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.

  • CVE-2020-25267 | Nov 10, 2020
    risk 0.00 | cvss | epss 0.01

    An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.

  • CVE-2019-1010237 | Jul 22, 2019
    risk 0.00 | cvss | epss 0.02

    Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap…

  • CVE-2018-10307 | Med | May 18, 2018
    risk 0.00 | cvss 6.1 | epss 0.01

    error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception.

  • CVE-2018-10306 | Med | May 18, 2018
    risk 0.00 | cvss 6.1 | epss 0.01

    Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.

  • CVE-2018-11120 | Med | May 17, 2018
    risk 0.00 | cvss 6.1 | epss 0.01

    Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS.

  • CVE-2018-11119 | Med | May 17, 2018
    risk 0.00 | cvss 6.1 | epss 0.01

    ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.

  • CVE-2018-11118 | Med | May 17, 2018
    risk 0.00 | cvss 6.1 | epss 0.01

    The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.