Shodan
Vulnerabilities
Vulnerable Software
Ilias:  >> Ilias  >> 7.11  Security Vulnerabilities
CVE-2024-33527
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-05-21
CVE-2024-33528
A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-05-21
CVE-2024-33529
ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types.
CVSS Score
7.2
EPSS Score
0.01
Published
2024-05-21
CVE-2024-33526
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.
CVSS Score
7.1
EPSS Score
0.001
Published
2024-05-21
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.
CVSS Score
7.2
EPSS Score
0.007
Published
2023-12-25
CVE-2023-36486
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.
CVSS Score
7.2
EPSS Score
0.007
Published
2023-12-25
CVE-2023-36487
The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-06-29
CVE-2022-45915
ILIAS before 7.16 allows OS Command Injection.
CVSS Score
8.8
EPSS Score
0.097
Published
2022-12-07
CVE-2022-45916
ILIAS before 7.16 allows XSS.
CVSS Score
5.4
EPSS Score
0.012
Published
2022-12-07
CVE-2022-45917
ILIAS before 7.16 has an Open Redirect.
CVSS Score
6.1
EPSS Score
0.296
Published
2022-12-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved