ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files.
https://www.openbugbounty.org/reports/608858/
https://github.com/ILIAS-eLearning/ILIAS/commit/c9c9211bd689f2dda02006159e69a856eae8944d
https://github.com/ILIAS-eLearning/ILIAS/commit/3fe6aa778ca06080cf1b7303cbc458aa0c42392a