Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ilias ilias vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2014-2089
ILIAS 4.4.1 allows remote malicious users to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.
Ilias Ilias 4.4.1
1 EDB exploit
355
VMScore
CVE-2014-2090
Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter.
Ilias Ilias 4.4.1
1 EDB exploit
312
VMScore
CVE-2020-25267
An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.
Ilias Ilias 6.4.0
578
VMScore
CVE-2020-25268
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.
Ilias Ilias 6.4.0
NA
CVE-2024-33529
ILIAS 7 prior to 7.30 and ILIAS 8 prior to 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types.
NA
CVE-2024-33525
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to in...
NA
CVE-2024-33528
A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 prior to 7.30 and ILIAS 8 prior to 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload.
NA
CVE-2024-33526
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 prior to 7.30 and ILIAS 8 prior to 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML v...
NA
CVE-2024-33527
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 prior to 7.30 and ILIAS 8 prior to 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via X...
356
VMScore
CVE-2022-31478
The UserTakeOver plugin prior to 4.0.1 for ILIAS allows an malicious user to list all users via the search function.
Sr.solutions Usertakeover
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »