ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
CVSS Score
6.1
EPSS Score
0.02
Published
2018-05-23
ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.
CVSS Score
6.1
EPSS Score
0.033
Published
2018-01-14
Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.
CVSS Score
5.4
EPSS Score
0.009
Published
2017-10-17
ILIAS before 5.2.3 has XSS via SVG documents.
CVSS Score
6.1
EPSS Score
0.012
Published
2017-04-07
Page 2