The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious...
CVSS: 7.2, AI Score: 7.4, EPSS: 0.001
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition...
CVSS: 7.2, AI Score: 7.3, EPSS: 0.001
ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class...
CVSS: 9, AI Score: 7, EPSS: 0.001
ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential...
CVSS: 6.5, AI Score: 7, EPSS: 0.0005
The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally...
CVSS: 8.1, AI Score: 7.2, EPSS: 0.0005
ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting...
CVSS: 6.1, AI Score: 6, EPSS: 0.001
ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross-Site Scripting...
CVSS: 5.4, AI Score: 5.4, EPSS: 0.001
The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the...
CVSS: 9.8, AI Score: 9.4, EPSS: 0.002
CVSS: 6.5, AI Score: 6.8, EPSS: 0.002
CVSS: 5.4, AI Score: 6.2, EPSS: 0.001
CVSS: 8.8, AI Score: 7.6, EPSS: 0.004
CVSS: 6.1, AI Score: 6.6, EPSS: 0.002
In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over...
CVSS: 9.8, AI Score: 9.4, EPSS: 0.003