Security-Blog
January 2026
The following 2 security issues have been resolved:
0046643: Exercise: Stored XSS with TinyMCE
0046763: Chatroom: Potential DoS via memory exhaustion (CVE-2025-15284)
The following 3 security issues have been resolved:
0046628: Media Objects: Bypassing Attribute Sanitization in enshrined/svg-sanitizer (CVE-2025-55166)
0046643: Exercise: Stored XSS with TinyMCE
0046763: Chatroom: Potential DoS via memory exhaustion (CVE-2025-15284)
December 2025
The following 8 security issues have been resolved:
0046023: SOAP: Unauthorized function calls
0046024: SOAP: Unauthorized data exposure
0046025: SOAP: Missing source permission check
0046496: ilServer: Apache Tika multiple XXE vulnerabilities
0045883: BackgroundTasks: Missing CSRF token for two commands in ilBTControllerGUI
0045884: BackgroundTasks: Open redirect in ilBTControllerGUI
0045900: BackgroundTasks: Unauthorized deletion of tasks
0045905: Repository: Stored XSS via SVG file upload of custom icons
The following 8 security issues have been resolved:
0046023: SOAP: Unauthorized function calls
0046024: SOAP: Unauthorized data exposure
0046025: SOAP: Missing source permission check
0046496: ilServer: Apache Tika multiple XXE vulnerabilities
0045883: BackgroundTasks: Missing CSRF token for two commands in ilBTControllerGUI
0045884: BackgroundTasks: Open redirect in ilBTControllerGUI
0045900: BackgroundTasks: Unauthorized deletion of tasks
0045905: Repository: Stored XSS via SVG file upload of custom icons
The following 4 security issues have been resolved:
0045883: BackgroundTasks: Missing CSRF token for two commands in ilBTControllerGUI
0045884: BackgroundTasks: Open redirect in ilBTControllerGUI
0045900: BackgroundTasks: Unauthorized deletion of tasks
0045905: Repository: Stored XSS via SVG file upload of custom icons