Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-05-18
Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-05-17
The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-05-17
ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-05-17
Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-05-17
ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
CVSS Score
6.1
EPSS Score
0.035
Published
2018-01-14
ILIAS before 5.2.3 has XSS via SVG documents.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-04-07
Page 2