Alexander Killing

6 exploits. Active since Oct 2017.
CVE-2017-15538 WRITEUP MEDIUM
ILIAS < 5.1.21 and 5.2.x < 5.2.9 - Authenticated Stored Cross-Site Scripting in Media Objects
Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.
CVSS 5.4
CVE-2018-10665 WRITEUP MEDIUM
ILIAS 5.3.4 - Cross-Site Scripting via PHP_SELF in shib_logout.php
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.
CVSS 6.1
CVE-2018-11117 WRITEUP MEDIUM
ILIAS 5.1.0-5.1.25 - Cross-Site Scripting via Link Attribute
Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a link attribute.
CVSS 6.1
CVE-2018-11119 WRITEUP MEDIUM
ILIAS 5.1.0-5.1.25, 5.2.x, 5.3.0-5.3.4 - Authenticated Open Redirect via return_to_url Parameter
ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.
CVSS 6.1
CVE-2018-11120 WRITEUP MEDIUM
ILIAS 5.1.0-5.1.25 - Cross-Site Scripting in PCSourceCode
Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS.
CVSS 6.1
CVE-2020-23996 WRITEUP HIGH
ILIAS < 5.3.19 - Authenticated Local File Inclusion and Remote Code Execution via Personal Data Import
A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data.
CVSS 8.8