ILIAS 5.3.4 has XSS through unsanitized output of PHPSELF, related to shiblogout.php and third-party demo files.