Security-Blog
ILIAS 8.26
The following 4 security issues have been resolved:
0045883: BackgroundTasks: Missing CSRF token for two commands in ilBTControllerGUI
0045884: BackgroundTasks: Open redirect in ilBTControllerGUI
0045900: BackgroundTasks: Unauthorized deletion of tasks
0045905: Repository: Stored XSS via SVG file upload of custom icons
Affected Version(s) | 8.25, 9.15, 10.3, 11.0 Alpha |
Fixed Version(s) | 8.26, 9.16, 10.4, 11.0 Beta2 |
CVSS Score 4.0 | 4.8 |
Reported by | Michael Jansen (Databay AG) |
Affected Version(s) | 8.25, 9.15, 10.3, 11.0 Alpha |
Fixed Version(s) | 8.26, 9.16, 10.4, 11.0 Beta2 |
CVSS Score 4.0 | 5.7 |
Reported by | Michael Jansen (Databay AG) |
Affected Version(s) | 8.25, 9.15, 10.3, 11.0 Alpha |
Fixed Version(s) | 8.26, 9.16, 10.4, 11.0 Beta2 |
CVSS Score 4.0 | 6.9 |
Reported by | Ilja Lukin (Fachhochschule Dortmund) |
Affected Version(s) | 8.25, 9.15, 10.3, 11.0 Alpha |
Fixed Version(s) | 8.26, 9.16, 10.4, 11.0 Beta2 |
CVSS Score 4.0 | 5.5 |
Reported by |