Security Blog

The security group reports on fixed security vulnerabilities in ILIAS

September 2025

Tokar, David [tokard], Wolf, Fabian [fwolf] - 23. Sep 2025, 16:05

The following 9 security issues have been resolved:

0045633: Test & Assessment: Stored XSS in Question Pool
0045635: WOPI: Open Redirect
0045738: Certificate: Unauthenticated Remote Code Execution
0045744: Test & Assessment: Unsafe operation during import
0045745: Certificate: Unsanitized SVG Files in Import
0045752: Test & Assessment: Authenticated RCE via insecure deserialization
0045776: Rating: Missing CSRF Token in Rating request
0045777: Data Collection: Open/Unvalidated Redirect in DataCollections
0045801: Test & Assessment: Fixes Wrong Access Right Check and Route From Test to Question


Tokar, David [tokard], Wolf, Fabian [fwolf] - 23. Sep 2025, 16:00

The following 9 security issues have been resolved:

0045633: Test & Assessment: Stored XSS in Question Pool
0045635: WOPI: Open Redirect
0045738: Certificate: Unauthenticated Remote Code Execution
0045744: Test & Assessment: Unsafe operation during import
0045745: Certificate: Unsanitized SVG Files in Import
0045752: Test & Assessment: Authenticated RCE via insecure deserialization
0045776: Rating: Missing CSRF Token in Rating request
0045777: Data Collection: Open/Unvalidated Redirect in DataCollections
0045801: Test & Assessment: Fixes Wrong Access Right Check and Route From Test to Question


Tokar, David [tokard], Wolf, Fabian [fwolf] - 23. Sep 2025, 15:55

The following 7 security issues have been resolved:

0045633: Test & Assessment: Stored XSS in Question Pool
0045738: Certificate: Unauthenticated Remote Code Execution
0045744: Test & Assessment: Unsafe operation during import
0045745: Certificate: Unsanitized SVG Files in Import
0045752: Test & Assessment: Authenticated RCE via insecure deserialization
0045776: Rating: Missing CSRF Token in Rating request
0045801: Test & Assessment: Fixes Wrong Access Right Check and Route From Test to Question


August 2025

Wolf, Fabian [fwolf] - 26. Aug 2025, 16:14

The following 2 security issues have been resolved:

0045628: [UICore] UICore: Improper validation of CSRF tokens
0045642: [Logging] Logging: Plaintext Passwords in Error Logs


Wolf, Fabian [fwolf] - 26. Aug 2025, 16:09

The following 2 security issues have been resolved:

0045628: [UICore] UICore: Improper validation of CSRF tokens
0045642: [Logging] Logging: Plaintext Passwords in Error Logs
