Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ilias ilias vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-45917
ILIAS prior to 7.16 has an Open Redirect.
Ilias Ilias
3.5
CVSSv2
CVE-2017-15538
Stored XSS vulnerability in the Media Objects component of ILIAS prior to 5.1.21 and 5.2.x prior to 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.ph...
Ilias Ilias
7.5
CVSSv2
CVE-2022-31266
In ILIAS up to and including 7.10, lack of verification when changing an email address (on the Profile Page) allows remote malicious users to take over accounts.
Ilias Ilias
4.3
CVSSv2
CVE-2017-7583
ILIAS prior to 5.2.3 has XSS via SVG documents.
Ilias Ilias
4
CVSSv2
CVE-2020-23995
An information disclosure vulnerability in ILIAS prior to 5.3.19, 5.4.12 and 6.0 allows remote authenticated malicious users to get the upload data path via a workspace upload.
Ilias Ilias
6.5
CVSSv2
CVE-2020-23996
A local file inclusion vulnerability in ILIAS prior to 5.3.19, 5.4.10 and 6.0 allows remote authenticated malicious users to execute arbitrary code via the import of personal data.
Ilias Ilias
4.3
CVSSv2
CVE-2019-1010237
Ilias 5.3 prior to 5.3.12; 5.2 prior to 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text ...
Ilias Ilias
NA
CVE-2023-36485
The workflow-engine of ILIAS prior to 7.23 and 8 prior to 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.
Ilias Ilias
NA
CVE-2023-36486
The workflow-engine of ILIAS prior to 7.23 and 8 prior to 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.
Ilias Ilias
NA
CVE-2023-36487
The password reset function in ILIAS 7.0_beta1 up to and including 7.20 and 8.0_beta1 up to and including 8.1 allows remote malicious users to take over the account.
Ilias Ilias
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »