English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

ILIAS 3.5.0

CPE Details

ILIAS 3.5.0
ilias
ilias
3.5.0
2021-05-19 19:47 +00:00
2021-05-19 19:48 +00:00
CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:a:ilias:ilias:3.5.0:-:*:*:*:*:*:*

Informations

Vendor

ilias

Product

ilias

Version

3.5.0

Update

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-36485 2023-12-24 23:00 +00:00 The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file.
7.2
HIGH
CVE-2023-36486 2023-12-24 23:00 +00:00 The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename.
7.2
HIGH
CVE-2022-45915 2022-12-06 23:00 +00:00 ILIAS before 7.16 allows OS Command Injection.
8.8
HIGH
CVE-2022-45916 2022-12-06 23:00 +00:00 ILIAS before 7.16 allows XSS.
5.4
MEDIUM
CVE-2022-45917 2022-12-06 23:00 +00:00 ILIAS before 7.16 has an Open Redirect.
6.1
MEDIUM
CVE-2022-45918 2022-12-06 23:00 +00:00 ILIAS before 7.16 allows External Control of File Name or Path.
6.5
MEDIUM
CVE-2017-15538 2022-10-03 14:23 +00:00 Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.
5.4
MEDIUM
CVE-2022-31266 2022-06-28 22:46 +00:00 In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.
9.8
CRITICAL
CVE-2020-23996 2021-05-13 17:49 +00:00 A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.
8.8
HIGH
CVE-2020-23995 2021-05-13 17:49 +00:00 An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload.
6.5
MEDIUM
CVE-2018-10428 2018-05-23 18:00 +00:00 ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
6.1
MEDIUM
CVE-2018-5688 2018-01-14 19:00 +00:00 ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
6.1
MEDIUM
CVE-2017-7583 2017-04-07 17:00 +00:00 ILIAS before 5.2.3 has XSS via SVG documents.
6.1
MEDIUM
CVE-2008-5816 2009-01-02 17:00 +00:00 SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter.
7.5
CVE-2007-5806 2007-11-05 16:00 +00:00 Cross-site scripting (XSS) vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the (1) mailing or (2) forum component, as demonstrated using the style and onmouseover HTML attributes.
4.3

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.