Description
ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.
References (3)
Third Party Advisory (x_refsource_misc): https://www.openbugbounty.org/reports/608858/
Patch (x_refsource_misc): https://github.com/ILIAS-eLearning/ILIAS/commit/c9c9211bd689f2dda02006159e69a856eae8944d
Scores
CVSS v3: 6.1
EPSS: 0.0028
EPSS Percentile: 51.7%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (1): ilias/ilias 5.3.4
Published: May 02, 2018
Tracked Since: Feb 18, 2026