Security-Blog
The security group reports on fixed security vulnerabilities in ILIAS
ILIAS 10.6
Tokar, David [tokard], Wolf, Fabian [fwolf] - 10. Mar 2026, 16:30
The following 3 security issues have been resolved:
0046459: SAML: Open redirect on logout
0046641: Survey: Stored XSS with TinyMCE
0046937: Auth: Logout via CSRF / Potential DoS (Regression)
0046459: SAML: Open redirect on logout
Affected Version(s) | 9.17, 10.5, 11.0 Beta1 |
Fixed Version(s) | 9.18, 10.6, 11.0 Beta2, 12.0 Alpha |
CVSS Score 4.0 | 6.1 |
Reported By | sushi com abacate (https://x.com/sushicomabacate) |
0046641: Survey: Stored XSS with TinyMCE
Affected Version(s) | 9.17, 10.5, 11.0 Beta1 |
Fixed Version(s) | 9.18, 10.6, 11.0 Beta2, 12.0 Alpha |
CVSS Score 4.0 | 7.3 |
Reported By |
0046937: Auth: Logout via CSRF / Potential DoS (Regression)
Affected Version(s) | 10.5, 11.0 Beta1 |
Fixed Version(s) | 10.6, 11.0 Beta2, 12.0 Alpha |
CVSS Score 4.0 | 6 |
Reported By | Michael Jansen (Databay AG) |