CVE-2024-33527
https://notcve.org/view.php?id=CVE-2024-33527
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. • baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=170029 https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1
CVE-2024-33526
https://notcve.org/view.php?id=CVE-2024-33526
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. • baseClass=illmpresentationgui&cmd=layout&ref_id=1719&obj_id=170029 https://insinuator.net/2024/05/security-advisory-achieving-php-code-execution-in-ilias-elearning-lms-before-v7-30-v8-11-v9-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-35060
https://notcve.org/view.php?id=CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file. • https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-45q4-h8rr-hgx2 • CWE-319: Cleartext Transmission of Sensitive Information
CVE-2024-35056
https://notcve.org/view.php?id=CVE-2024-35056
NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions. • https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-gpgj-xrgw-8mx2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-35058
https://notcve.org/view.php?id=CVE-2024-35058
An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string. • https://www.linkedin.com/pulse/remote-code-execution-via-man-in-the-middle-more-ujkze https://github.com/advisories/GHSA-4gxj-5mmr-7pxq • CWE-319: Cleartext Transmission of Sensitive Information