{"id":"CVE-2019-1010237","details":"Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12.","modified":"2026-04-10T04:13:41.005215Z","published":"2019-07-22T15:15:10.517Z","references":[{"type":"ADVISORY","url":"https://docu.ilias.de/goto_docu_pg_116867_35.html"},{"type":"FIX","url":"https://github.com/ILIAS-eLearning/ILIAS/commit/b9150b7194f8cfb1178ca3674a0b3c86b7cd92f5"},{"type":"FIX","url":"https://github.com/ILIAS-eLearning/ILIAS/commit/f1c2f906410bf35bb6bd45efff57d2e8da3b3825"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ilias-elearning/ilias","events":[{"introduced":"b5e252d75801c5c0d47c40e773e502eb78f136bf"},{"fixed":"0956709a860e1b29018568eba94c5d37540d0f2f"},{"introduced":"a3f852a420235507d7cbe57d0e6c485667ab31cb"},{"fixed":"f6fc389498aa34b8ed9dd99a28679f0759bdb9ff"},{"fixed":"b9150b7194f8cfb1178ca3674a0b3c86b7cd92f5"},{"fixed":"f1c2f906410bf35bb6bd45efff57d2e8da3b3825"}],"database_specific":{"versions":[{"introduced":"5.2.0"},{"fixed":"5.2.21"},{"introduced":"5.3.0"},{"fixed":"5.3.12"}]}}],"versions":["v5.2.0","v5.2.13","v5.2.20","v5.2.5","v5.2.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010237.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}