ILIAS 5.2.15

CPE Details

2018-06-19 10h18 +00:00

CPE Name: cpe:2.3:a:ilias:ilias:5.2.15:*:*:*:*:*:*:*

Information

Vendor: ilias
Product: ilias
Version: 5.2.15

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2023-36485 | 2023-12-24 23h00 +00:00 | The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. | 7.2 | High |
| CVE-2023-36486 | 2023-12-24 23h00 +00:00 | The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. | 7.2 | High |
| CVE-2022-45915 | 2022-12-06 23h00 +00:00 | ILIAS before 7.16 allows OS Command Injection. | 8.8 | High |
| CVE-2022-45916 | 2022-12-06 23h00 +00:00 | ILIAS before 7.16 allows XSS. | 5.4 | Medium |
| CVE-2022-45917 | 2022-12-06 23h00 +00:00 | ILIAS before 7.16 has an Open Redirect. | 6.1 | Medium |
| CVE-2022-45918 | 2022-12-06 23h00 +00:00 | ILIAS before 7.16 allows External Control of File Name or Path. | 6.5 | Medium |
| CVE-2022-31266 | 2022-06-28 22h46 +00:00 | In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. | 4.3 | Medium |
| CVE-2020-23996 | 2021-05-13 17h49 +00:00 | A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data. | 8.8 | High |
| CVE-2020-23995 | 2021-05-13 17h49 +00:00 | An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload. | 6.5 | Medium |
| CVE-2019-1010237 | 2019-07-22 12h46 +00:00 | Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12. | 6.1 | Medium |
| CVE-2018-10306 | 2018-05-18 11h00 +00:00 | Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date. | 6.1 | Medium |
| CVE-2018-10307 | 2018-05-18 11h00 +00:00 | error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception. | 6.1 | Medium |
| CVE-2018-11117 | 2018-05-17 11h00 +00:00 | Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute. | 6.1 | Medium |
| CVE-2018-11118 | 2018-05-17 11h00 +00:00 | The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php. | 6.1 | Medium |
| CVE-2018-11119 | 2018-05-17 11h00 +00:00 | ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter. | 6.1 | Medium |
| CVE-2018-11120 | 2018-05-17 11h00 +00:00 | Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS. | 6.1 | Medium |