ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
CVSS Score
6.1
EPSS Score
0.005
Published
2018-05-23
ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
CVSS Score
6.1
EPSS Score
0.035
Published
2018-01-14
Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.
CVSS Score
5.4
EPSS Score
0.004
Published
2017-10-17
ILIAS before 5.2.3 has XSS via SVG documents.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-04-07
Page 2