12 matches found
CVE-2024-33526
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload...
CVE-2023-45867
ILIAS 2013-09-12 release contains a medium-criticality Directory Traversal (local file inclusion) vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential fil...
CVE-2023-36484
ILIAS 7.21 and 8.0beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS)...
CVE-2022-45918
ILIAS before 7.16 allows External Control of File Name or Path...
CVE-2022-45917
ILIAS before 7.16 has an Open Redirect...
CVE-2022-45915
ILIAS before 7.16 allows OS Command Injection...
PT-2022-27683 · Ilias · Ilias
Name of the Vulnerable Software and Affected Versions: ILIAS versions prior to 7.16 Description: The issue allows for OS Command Injection. Recommendations: For versions prior to 7.16, update to version 7.16 or later to resolve the issue...
PT-2022-27684 · Ilias · Ilias
Name of the Vulnerable Software and Affected Versions: ILIAS versions prior to 7.16 Description: The issue allows for cross-site scripting (XSS), which is a type of attack where an attacker can inject malicious scripts into a website. Recommendations: For versions prior to 7.16, update to version...
CVE-2019-1010237
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections vie...
CVE-2018-10306
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date...
CVE-2018-10307
error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception...
CVE-2017-7583
ILIAS before 5.2.3 has XSS via SVG documents...