ILIAS: Security Vulnerabilities
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.
CVSS Score: 8.8 | EPSS Score: 0.028 | Published: 2020-11-10
ILIAS 5.3 before 5.3.12 and 5.2 before 5.2.21 are affected by stored (persistent) cross-site scripting (XSS), CWE-79 Type 2. Impact: execute code in the victim's browser. Component: Assessment / TestQuestionPool. Attack vector: Cloze Test Text gap (attacker) / Corrections view (victim). Fixed version: 5.3.12.
CVSS Score: 6.1 | EPSS Score: 0.006 | Published: 2019-07-22
ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
CVSS Score: 6.1 | EPSS Score: 0.005 | Published: 2018-05-23
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-05-18
error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-05-18
Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-05-17
The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-05-17
ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-05-17
Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-05-17
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-05-02

