Daniel Schlecht

**Name of the Vulnerable Software and Affected Versions** ILIAS versions 7.20 through 7.29 ILIAS versions 8.4 through 8.10 ILIAS version 9.0 **Description** A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. **Recommendations** For ILIAS versions 7.20 through 7.29, update to a version outside of this range to mitigate the risk. For ILIAS versions 8.4 through 8.10, update to a version outside of this range to mitigate the risk. For ILIAS version 9.0, update to a newer version to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** ILIAS versions 7.0.0 through 7.29 ILIAS versions 8.0.0 through 8.10 **Description** A Stored Cross-site Scripting (XSS) issue in the "Import of user role and title of user role" feature allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. **Recommendations** For ILIAS versions 7.0.0 through 7.29, update to version 7.30 or later. For ILIAS versions 8.0.0 through 8.10, update to version 8.11 or later.

**Name of the Vulnerable Software and Affected Versions** ILIAS versions 7.0.0 through 7.29 ILIAS versions 8.0.0 through 8.10 **Description** A Stored Cross-site Scripting (XSS) issue in the "Import of Users and login name of user" feature allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. **Recommendations** For ILIAS versions 7.0.0 through 7.29, update to version 7.30 or later. For ILIAS versions 8.0.0 through 8.10, update to version 8.11 or later.

**Name of the Vulnerable Software and Affected Versions** ILIAS versions 7.0.0 through 7.29 ILIAS versions 8.0.0 through 8.10 **Description** A Stored Cross-site Scripting (XSS) issue allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload. **Recommendations** For ILIAS versions 7.0.0 through 7.29, update to version 7.30 or later. For ILIAS versions 8.0.0 through 8.10, update to version 8.11 or later.

**Name of the Vulnerable Software and Affected Versions** ILIAS versions 7.0 through 7.29 ILIAS versions 8.0 through 8.10 ILIAS version 9.0 **Description** The issue allows remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types. This can be achieved by uploading files of certain types that are not properly validated, leading to potential system compromise. **Recommendations** For ILIAS versions 7.0 through 7.29, update to version 7.30 or later. For ILIAS versions 8.0 through 8.10, update to version 8.11 or later. For ILIAS version 9.0, consider restricting file uploads or disabling administrative privileges until a patch is available. As a temporary workaround, consider disabling the file upload feature for administrative users to minimize the risk of exploitation.