Known Vulnerabilities for products from Ilias

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ilias".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-49645 | | Not Provided | 2024-10-29 | 2026-04-01 |
| CVE-2020-25268 | Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpi... | 8.8 - HIGH | 2020-11-10 | 2021-07-21 |
| CVE-2020-25267 | An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. | 5.4 - MEDIUM | 2020-11-10 | 2020-11-18 |
| CVE-2020-23996 | A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute ... | 8.8 - HIGH | 2021-05-13 | 2021-05-21 |
| CVE-2020-23995 | An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get t... | 6.5 - MEDIUM | 2021-05-13 | 2022-10-26 |
| CVE-2019-1010237 | Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persist... | 6.1 - MEDIUM | 2019-07-22 | 2019-10-09 |
| CVE-2018-11120 | Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS. | 6.1 - MEDIUM | 2018-05-17 | 2018-06-15 |
| CVE-2018-11119 | ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter. | 6.1 - MEDIUM | 2018-05-17 | 2018-06-15 |
| CVE-2018-11118 | The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalF... | 6.1 - MEDIUM | 2018-05-17 | 2018-06-15 |
| CVE-2018-11117 | Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribut... | 6.1 - MEDIUM | 2018-05-17 | 2018-06-15 |
| CVE-2018-10665 | ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files. | 6.1 - MEDIUM | 2018-05-02 | 2018-06-07 |
| CVE-2018-10428 | ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable... | 6.1 - MEDIUM | 2018-05-23 | 2019-03-08 |
| CVE-2018-10307 | error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception. | 6.1 - MEDIUM | 2018-05-18 | 2018-06-18 |
| CVE-2018-10306 | Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x ... | 6.1 - MEDIUM | 2018-05-18 | 2018-06-19 |
| CVE-2018-5688 | ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the S... | 6.1 - MEDIUM | 2018-01-14 | 2018-02-05 |
| CVE-2017-15538 | Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated... | 5.4 - MEDIUM | 2017-10-17 | 2018-06-19 |
| CVE-2017-7583 | ILIAS before 5.2.3 has XSS via SVG documents. | 6.1 - MEDIUM | 2017-04-07 | 2018-06-19 |
| CVE-2014-2090 | Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject ar... | 3.5 - LOW | 2014-03-02 | 2014-03-03 |
| CVE-2014-2089 | ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php f... | 6.8 - MEDIUM | 2014-03-02 | 2014-03-03 |
| CVE-2014-2088 | Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP... | 6.5 - MEDIUM | 2014-03-02 | 2014-03-03 |

Known software with vulnerabilities from Ilias

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ilias | Ilias | 2.4.7 |