Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ilias ilias vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-2090
Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter.
Ilias Ilias 4.4.1
1 EDB exploit
6.1
CVSSv3
CVE-2018-10665
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.
Ilias Ilias 5.3.4
5.4
CVSSv3
CVE-2020-25267
An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.
Ilias Ilias 6.4.0
8.8
CVSSv3
CVE-2020-25268
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.
Ilias Ilias 6.4.0
NA
CVE-2024-33529
ILIAS 7 prior to 7.30 and ILIAS 8 prior to 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types.
NA
CVE-2024-33525
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to in...
NA
CVE-2024-33528
A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 prior to 7.30 and ILIAS 8 prior to 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload.
NA
CVE-2024-33526
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 prior to 7.30 and ILIAS 8 prior to 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML v...
NA
CVE-2024-33527
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 prior to 7.30 and ILIAS 8 prior to 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via X...
4.3
CVSSv3
CVE-2022-31478
The UserTakeOver plugin prior to 4.0.1 for ILIAS allows an malicious user to list all users via the search function.
Sr.solutions Usertakeover
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »