Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:ilias:ilias:5.3.10:*:*:*:*:*:*:*
Informations
Vendor
iliasProduct
iliasVersion
5.3.10Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. | 7.2 |
HIGH |
||
| The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. | 7.2 |
HIGH |
||
| ILIAS before 7.16 allows OS Command Injection. | 8.8 |
HIGH |
||
| ILIAS before 7.16 allows XSS. | 5.4 |
MEDIUM |
||
| ILIAS before 7.16 has an Open Redirect. | 6.1 |
MEDIUM |
||
| ILIAS before 7.16 allows External Control of File Name or Path. | 6.5 |
MEDIUM |
||
| In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. | 9.8 |
CRITICAL |
||
| A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data. | 8.8 |
HIGH |
||
| An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload. | 6.5 |
MEDIUM |
||
| Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12. | 6.1 |
MEDIUM |
2024©
tesweb SA
