Summary
Detail | |||
---|---|---|---|
Vendor | Ilias | First view | 2023-06-29 |
Product | Ilias | Last view | 2023-12-25 |
Version | 8.0 | Type | Application |
Update | beta4 | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:ilias:ilias |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.2 | 2023-12-25 | CVE-2023-36486 | The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. |
7.2 | 2023-12-25 | CVE-2023-36485 | The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. |
5.4 | 2023-06-29 | CVE-2023-36488 | ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS). |
9.8 | 2023-06-29 | CVE-2023-36487 | The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. |
6.1 | 2023-06-29 | CVE-2023-36484 | ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS). |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |