Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ilias ilias vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-7583
ILIAS prior to 5.2.3 has XSS via SVG documents.
Ilias Ilias
6.1
CVSSv3
CVE-2018-10428
ILIAS prior to 5.1.26, 5.2.x prior to 5.2.15, and 5.3.x prior to 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
Ilias Ilias
9.8
CVSSv3
CVE-2022-31266
In ILIAS up to and including 7.10, lack of verification when changing an email address (on the Profile Page) allows remote malicious users to take over accounts.
Ilias Ilias
5.4
CVSSv3
CVE-2022-45916
ILIAS prior to 7.16 allows XSS.
Ilias Ilias
6.1
CVSSv3
CVE-2022-45917
ILIAS prior to 7.16 has an Open Redirect.
Ilias Ilias
6.5
CVSSv3
CVE-2023-45867
ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrie...
Ilias Ilias 7.25
8.1
CVSSv3
CVE-2023-45868
The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified director...
Ilias Ilias 7.25
9
CVSSv3
CVE-2023-45869
ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Ser...
Ilias Ilias 7.25
NA
CVE-2014-2089
ILIAS 4.4.1 allows remote malicious users to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.
Ilias Ilias 4.4.1
1 EDB exploit
NA
CVE-2014-2090
Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter.
Ilias Ilias 4.4.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »