Ilias Security Vulnerabilities
An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.
CVSS Score: 6.5, EPSS Score: 0.004, Published: 2021-05-13

A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.
CVSS Score: 8.8, EPSS Score: 0.033, Published: 2021-05-13

An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.
CVSS Score: 5.4, EPSS Score: 0.002, Published: 2020-11-10

Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.
CVSS Score: 8.8, EPSS Score: 0.027, Published: 2020-11-10

Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12.
CVSS Score: 6.1, EPSS Score: 0.005, Published: 2019-07-22

ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
CVSS Score: 6.1, EPSS Score: 0.005, Published: 2018-05-23

Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.
CVSS Score: 6.1, EPSS Score: 0.003, Published: 2018-05-18

error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception.
CVSS Score: 6.1, EPSS Score: 0.003, Published: 2018-05-18

Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute.
CVSS Score: 6.1, EPSS Score: 0.003, Published: 2018-05-17

The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.
CVSS Score: 6.1, EPSS Score: 0.003, Published: 2018-05-17