CVE-2019-1010237

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-1010237

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010237.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-1010237

Published

2019-07-22T15:15:10.517Z

Modified

2026-04-10T04:13:41.005215Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12.

References

Affected packages

Git / github.com/ilias-elearning/ilias

Affected ranges

Type

GIT

Repo

https://github.com/ilias-elearning/ilias

Events

Introduced

b5e252d75801c5c0d47c40e773e502eb78f136bf

Fixed

0956709a860e1b29018568eba94c5d37540d0f2f

Introduced

a3f852a420235507d7cbe57d0e6c485667ab31cb

Fixed

f6fc389498aa34b8ed9dd99a28679f0759bdb9ff

Fixed

b9150b7194f8cfb1178ca3674a0b3c86b7cd92f5

Fixed

f1c2f906410bf35bb6bd45efff57d2e8da3b3825

Database specific

{
    "versions": [
        {
            "introduced": "5.2.0"
        },
        {
            "fixed": "5.2.21"
        },
        {
            "introduced": "5.3.0"
        },
        {
            "fixed": "5.3.12"
        }
    ]
}

Affected versions

v5.*

v5.2.0

v5.2.13

v5.2.20

v5.2.5

v5.2.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010237.json"