Filtered by vendor Ilias
Subscriptions
Filtered by product Ilias
Subscriptions
Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10428 | 1 Ilias | 1 Ilias | 2019-03-08 | N/A |
| ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting. | ||||
| CVE-2007-5806 | 1 Ilias | 1 Ilias | 2018-10-15 | N/A |
| Cross-site scripting (XSS) vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the (1) mailing or (2) forum component, as demonstrated using the style and onmouseover HTML attributes. | ||||
| CVE-2018-10306 | 1 Ilias | 1 Ilias | 2018-06-19 | N/A |
| Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date. | ||||
| CVE-2017-7583 | 1 Ilias | 1 Ilias | 2018-06-19 | N/A |
| ILIAS before 5.2.3 has XSS via SVG documents. | ||||
| CVE-2018-10307 | 1 Ilias | 1 Ilias | 2018-06-18 | N/A |
| error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception. | ||||
| CVE-2018-11118 | 1 Ilias | 1 Ilias | 2018-06-15 | N/A |
| The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php. | ||||
| CVE-2018-11120 | 1 Ilias | 1 Ilias | 2018-06-15 | N/A |
| Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS. | ||||
| CVE-2018-11119 | 1 Ilias | 1 Ilias | 2018-06-15 | N/A |
| ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter. | ||||
| CVE-2018-11117 | 1 Ilias | 1 Ilias | 2018-06-15 | N/A |
| Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute. | ||||
| CVE-2018-5688 | 1 Ilias | 1 Ilias | 2018-02-05 | N/A |
| ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component. | ||||
| CVE-2008-5816 | 1 Ilias | 1 Ilias | 2017-09-29 | N/A |
| SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter. | ||||
| CVE-2014-2090 | 1 Ilias | 1 Ilias | 2014-03-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter. | ||||
| CVE-2014-2089 | 1 Ilias | 1 Ilias | 2014-03-03 | N/A |
| ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname. | ||||
| CVE-2014-2088 | 1 Ilias | 1 Ilias | 2014-03-03 | N/A |
| Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname. | ||||