PT-2014-4478 · Ilias Open Source E Learning Platform · Ilias
Published: 2014-03-02 · Updated: 2014-03-03
CVE-2014-2090
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
ILIAS version 4.4.1
Description
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML. The vulnerable parameters are tar, tar val, and title.
Recommendations
For ILIAS version 4.4.1, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the ilias.php file or avoiding the use of the tar, tar val, and title parameters until a patch is available.
Exploit
Fix
XSS
Affected Products
Ilias