CVEDB API

Vulnerabilities

Vulnerable Software

Ilias: >> Ilias >> 3.2.3 Security Vulnerabilities

CVE-2018-5688

ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.

CVSS Score

6.1

EPSS Score

0.035

Published

2018-01-14

CVE-2017-15538

Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.

CVSS Score

5.4

EPSS Score

0.004

Published

2017-10-17

CVE-2017-7583

ILIAS before 5.2.3 has XSS via SVG documents.

CVSS Score

6.1

EPSS Score

0.006

Published

2017-04-07

CVE-2008-5816

SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter.

CVSS Score

7.5

EPSS Score

0.001

Published

2009-01-02

CVE-2007-5806

Cross-site scripting (XSS) vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the (1) mailing or (2) forum component, as demonstrated using the style and onmouseover HTML attributes.

CVSS Score

4.3

EPSS Score

0.005

Published

2007-11-05

Page 2

Vulnerabilities

Vulnerable Software

Ilias: >> Ilias >> 3.2.3 Security Vulnerabilities

Products

Pricing

Contact Us