Known Vulnerabilities for products from Ilias
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ilias".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-49645 json | Not Provided | 2024-10-29 | 2026-04-01 | |
| CVE-2023-45869 json | ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly ... | 9 - CRITICAL | 2023-10-26 | 2023-11-14 |
| CVE-2023-45868 json | The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impa... | 6.5 - MEDIUM | 2023-10-26 | 2023-11-14 |
| CVE-2023-45867 json | ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormA... | 6.5 - MEDIUM | 2023-10-26 | 2023-11-14 |
| CVE-2023-36488 json | ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS). | 5.4 - MEDIUM | 2023-06-29 | 2023-07-07 |
| CVE-2023-36487 json | The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over th... | 9.8 - CRITICAL | 2023-06-29 | 2023-07-06 |
| CVE-2023-36486 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-12-25 | 2024-01-03 |
| CVE-2023-36485 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-12-25 | 2024-01-03 |
| CVE-2023-36484 json | ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS). | 6.1 - MEDIUM | 2023-06-29 | 2023-07-07 |
| CVE-2022-45918 json | ILIAS before 7.16 allows External Control of File Name or Path. | 6.5 - MEDIUM | 2022-12-07 | 2023-08-08 |
| CVE-2022-45917 json | ILIAS before 7.16 has an Open Redirect. | 6.1 - MEDIUM | 2022-12-07 | 2023-01-06 |
| CVE-2022-45916 json | ILIAS before 7.16 allows XSS. | 5.4 - MEDIUM | 2022-12-07 | 2023-01-06 |
| CVE-2022-45915 json | ILIAS before 7.16 allows OS Command Injection. | 8.8 - HIGH | 2022-12-07 | 2023-01-06 |
| CVE-2022-31266 json | In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to t... | 9.8 - CRITICAL | 2022-06-29 | 2023-11-07 |
| CVE-2020-25268 json | Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpi... | 8.8 - HIGH | 2020-11-10 | 2021-07-21 |
| CVE-2020-25267 json | An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. | 5.4 - MEDIUM | 2020-11-10 | 2020-11-18 |
| CVE-2020-23996 json | A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute ... | 8.8 - HIGH | 2021-05-13 | 2021-05-21 |
| CVE-2020-23995 json | An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get t... | 6.5 - MEDIUM | 2021-05-13 | 2022-10-26 |
| CVE-2019-1010237 json | Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persist... | 6.1 - MEDIUM | 2019-07-22 | 2019-10-09 |
| CVE-2018-11120 json | Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS. | 6.1 - MEDIUM | 2018-05-17 | 2018-06-15 |
Known software with vulnerabilities from Ilias
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ilias | Ilias | 2.4.7 |