Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ilias vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-33525
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to in...
NA
CVE-2024-33526
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 prior to 7.30 and ILIAS 8 prior to 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML v...
NA
CVE-2024-33527
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 prior to 7.30 and ILIAS 8 prior to 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via X...
NA
CVE-2024-33528
A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 prior to 7.30 and ILIAS 8 prior to 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload.
NA
CVE-2024-33529
ILIAS 7 prior to 7.30 and ILIAS 8 prior to 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types.
NA
CVE-2023-36485
The workflow-engine of ILIAS prior to 7.23 and 8 prior to 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.
Ilias Ilias
NA
CVE-2023-36486
The workflow-engine of ILIAS prior to 7.23 and 8 prior to 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.
Ilias Ilias
NA
CVE-2023-45867
ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrie...
Ilias Ilias 7.25
NA
CVE-2023-45868
The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified director...
Ilias Ilias 7.25
NA
CVE-2023-45869
ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Ser...
Ilias Ilias 7.25
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »