ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
CVSS Score
6.1
EPSS Score
0.005
Published
2018-05-23
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-05-18
error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-05-18
Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-05-17
The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-05-17
ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-05-17
Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-05-17
ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
CVSS Score
6.1
EPSS Score
0.035
Published
2018-01-14
Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.
CVSS Score
5.4
EPSS Score
0.004
Published
2017-10-17
ILIAS before 5.2.3 has XSS via SVG documents.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-04-07