Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ilias | First view | 2023-06-29 |
| Product | Ilias | Last view | 2023-12-25 |
| Version | 8.0 | Type | Application |
| Update | beta4 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ilias:ilias | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.2 | 2023-12-25 | CVE-2023-36486 | The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. |
| 7.2 | 2023-12-25 | CVE-2023-36485 | The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. |
| 5.4 | 2023-06-29 | CVE-2023-36488 | ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS). |
| 9.8 | 2023-06-29 | CVE-2023-36487 | The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. |
| 6.1 | 2023-06-29 | CVE-2023-36484 | ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS). |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
