{"id":"CVE-2018-10428","details":"ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.","modified":"2026-04-10T04:03:52.363957Z","published":"2018-05-23T20:29:00.217Z","references":[{"type":"ADVISORY","url":"https://www.ilias.de/docu/ilias.php?ref_id=1719&from_page=116793&obj_id=116793&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI"},{"type":"ADVISORY","url":"https://www.ilias.de/docu/ilias.php?ref_id=1719&from_page=116805&obj_id=116799&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI"},{"type":"ADVISORY","url":"https://www.ilias.de/docu/ilias.php?ref_id=1719&obj_id=116792&from_page=116805&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/147726/ILIAS-5.3.2-5.2.14-5.1.25-Cross-Site-Scripting.html"},{"type":"EVIDENCE","url":"http://www.securityfocus.com/archive/1/542025/100/0/threaded"},{"type":"EVIDENCE","url":"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-007.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ilias-elearning/ilias","events":[{"introduced":"0"},{"fixed":"ba288e35eed9075df6088e216cfe370675b6b2a9"},{"introduced":"b5e252d75801c5c0d47c40e773e502eb78f136bf"},{"fixed":"c98fb5a727163f9416127a5e26c89c8eaa54dc0b"},{"introduced":"a3f852a420235507d7cbe57d0e6c485667ab31cb"},{"fixed":"aad29de0e53aaa23980fa34f4c4f37a1182e04a2"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.1.26"},{"introduced":"5.2.0"},{"fixed":"5.2.15"},{"introduced":"5.3.0"},{"fixed":"5.3.4"}]}}],"versions":["v5.1.0","v5.1.0beta2","v5.1.1","v5.1.10","v5.1.13","v5.1.14","v5.1.17","v5.1.18","v5.1.2","v5.1.21","v5.1.22","v5.1.23","v5.1.25","v5.1.5","v5.1.6","v5.1.8","v5.1.9","v5.2.0","v5.2.13","v5.2.14","v5.2.5","v5.2.7","v5.3.0beta1","v5.3.0beta3","v5.3.0beta4","v5.3.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10428.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}