Security-Blog

The Security Group reports on fixed security vulnerabilities in ILIAS

November 2025

Tokar, David [tokard], Wolf, Fabian [fwolf] - 4. Nov 2025, 17:00

The following 6 security issues have been resolved:

0045738: Unauthenticated Remote Code Execution
0045898: Wiki: Unauthorized Access to LTI Settings
0045899: ilUIPluginRouterGUI: Unauthorized function calls
0045910: fix: Verification of LTI Result Service Calls
0045897: MediaPool: Open/Unvalidated Redirect
0045975: SOAP: Unauthorized function calls

Tokar, David [tokard], Wolf, Fabian [fwolf] - 4. Nov 2025, 16:45

The following 6 security issues have been resolved:

0045738: Unauthenticated Remote Code Execution
0045898: Wiki: Unauthorized Access to LTI Settings
0045899: ilUIPluginRouterGUI: Unauthorized function calls
0045938: Query UI: Known vulnerability in version 1.13.1 (XSS)
0045897: MediaPool: Open/Unvalidated Redirect
0045975: SOAP: Unauthorized function calls

Tokar, David [tokard], Wolf, Fabian [fwolf] - 4. Nov 2025, 16:30

The following 4 security issues have been resolved:

0045738: Unauthenticated Remote Code Execution
0045898: Wiki: Unauthorized Access to LTI Settings
0045899: ilUIPluginRouterGUI: Unauthorized function calls
0045897: MediaPool: Open/Unvalidated Redirect

September 2025

Tokar, David [tokard], Wolf, Fabian [fwolf] - 23. Sep 2025, 16:05

The following 9 security issues have been resolved:

0045633: Test & Assessment: Stored XSS in Question Pool
0045635: WOPI: Open Redirect
0045738: Certificate: Unauthenticated Remote Code Execution
0045744: Test & Assessment: Unsafe operation during import
0045745: Certificate: Unsanitized SVG Files in Import
0045752: Test & Assessment: Authenticated RCE via insecure deserialization
0045776: Rating: Missing CSRF Token in Rating request
0045777: Data Collection: Open/Unvalidated Redirect in DataCollections
0045801: Test & Assessment: Fixes Wrong Access Right Check and Route From Test to Question

Tokar, David [tokard], Wolf, Fabian [fwolf] - 23. Sep 2025, 16:00

The following 9 security issues have been resolved:

0045633: Test & Assessment: Stored XSS in Question Pool
0045635: WOPI: Open Redirect
0045738: Certificate: Unauthenticated Remote Code Execution
0045744: Test & Assessment: Unsafe operation during import
0045745: Certificate: Unsanitized SVG Files in Import
0045752: Test & Assessment: Authenticated RCE via insecure deserialization
0045776: Rating: Missing CSRF Token in Rating request
0045777: Data Collection: Open/Unvalidated Redirect in DataCollections
0045801: Test & Assessment: Fixes Wrong Access Right Check and Route From Test to Question