Security Advisory

CVE-2020-36944

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-28 17:35:07

Last updated 2026-03-05 01:27:01

Assigner VulnCheck

State PUBLISHED

Description

ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to PDF.

← Browse all CVEs View on cve.org ↗