mjansen

4 exploits Active since May 2018
CVE-2018-10306 WRITEUP MEDIUM WRITEUP
ILIAS <5.3.4 - XSS
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date.
CVSS 6.1
CVE-2018-10307 WRITEUP MEDIUM WRITEUP
ILIAS <5.3.4 - XSS
error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception.
CVSS 6.1
CVE-2018-11118 WRITEUP MEDIUM WRITEUP
Ilias < 5.1.26 - XSS
The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS via a URI to Services/Feeds/classes/class.ilExternalFeedItem.php.
CVSS 6.1
CVE-2019-1010237 WRITEUP MEDIUM WRITEUP
Ilias <5.3.12, <5.2.21 - XSS
Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12.
CVSS 6.1