Security-Blog
The security group reports on fixed security vulnerabilities in ILIAS
ILIAS 9.17
Tokar, David [tokard], Wolf, Fabian [fwolf] - Yesterday, 16:30
The following 3 security issues have been resolved:
0046628: Media Objects: By-Passing Attribute Sanitization in enshrined/svg-sanitizer (CVE-2025-55166)
0046643: Exercise: Stored XSS with TinyMCE
0046763: Chatroom: Potential DoS via memory exhaustion (CVE-2025-15284)
0046628: Media Objects: By-Passing Attribute Sanitization in enshrined/svg-sanitizer (CVE-2025-55166)
Affected Version(s) | 9.16 |
Fixed Version(s) | 9.17 |
CVSS Score 4.0 | 5.1 |
CVE-ID | CVE-2025-55166 |
0046643: Exercise: Stored XSS with TinyMCE
Affected Version(s) | 9.16, 10.4, 11.0 Beta1 |
Fixed Version(s) | 9.17, 10.5, 11.0 Beta2 |
CVSS Score 4.0 | 7.3 |
Reported by |
0046763: Chatroom: Potential DoS via memory exhaustion (CVE-2025-15284)
Affected Version(s) | 9.16, 10.4, 11.0 Beta1 |
Fixed Version(s) | 9.17, 10.5, 11.0 Beta2 |
CVSS Score 4.0 | 8.7 |
CVE-ID | CVE-2025-15284 |