Stored Cross-Site Scripting Issue in Ilias by ILIAS eLearning
CVE-2019-1010237

6.1MEDIUM

Key Information:

Vendor

Ilias

Status
Ilias
Vendor
CVE Published:
22 July 2019

What is CVE-2019-1010237?

The Ilias eLearning platform is prone to a stored Cross-Site Scripting vulnerability located within the Assessment/TestQuestionPool component. This vulnerability enables an attacker to inject malicious scripts into Cloze Test Text gaps, which can then be executed in the browsers of users accessing the Corrections view. Such exploitation can lead to unauthorized actions being carried out on behalf of the victims, potentially compromising their data and security. The issue affects versions 5.3 before 5.3.12 and 5.2 before 5.2.21, with remediation available in later releases.

Affected Version(s)

Ilias 5.3 before 5.3.12 and 5.2 before 5.2.21 [fixed: 5.3.12]

References

https://github.com/ILIAS-eLearning/ILIAS/commit/f1c2f9064...
x_refsource_MISC
https://docu.ilias.de/goto_docu_pg_116867_35.html
x_refsource_MISC
https://github.com/ILIAS-eLearning/ILIAS/commit/b9150b719...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.