Alexander Killing

6 exploits, active since Oct 2017
CVE-2017-15538 WRITEUP MEDIUM
ILIAS < 5.1.21 - XSS
Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.
CVSS 5.4
CVE-2018-10665 WRITEUP MEDIUM
ILIAS - XSS
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.
CVSS 6.1
CVE-2018-11117 WRITEUP MEDIUM
ILIAS < 5.1.26 - XSS
Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute.
CVSS 6.1
CVE-2018-11119 WRITEUP MEDIUM
ILIAS < 5.1.26 - Open Redirect
ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.
CVSS 6.1
CVE-2018-11120 WRITEUP MEDIUM
ILIAS < 5.1.26 - XSS
Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS.
CVSS 6.1
CVE-2020-23996 WRITEUP HIGH
ILIAS <5.3.19, 5.4.10, 6.0 - RCE
A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.
CVSS 8.8