Ilias Open Source E Learning Platform · Ilias · CVE-2019-1010237
Name of the Vulnerable Software and Affected Versions:
Ilias versions 5.2 through 5.2.20
Ilias versions 5.3 through 5.3.11
Description:
The issue is a Stored (Persistent) Cross-Site Scripting (XSS) vulnerability, which allows an attacker to execute code in the victim's browser. The affected component is Assessment / TestQuestionPool. The attacker's entry point is the Text gap of a Cloze Test; the victim is affected in the Corrections view.
Recommendations:
For Ilias versions 5.2 through 5.2.20, update to version 5.2.21 to resolve the issue.
For Ilias versions 5.3 through 5.3.11, update to version 5.3.12 to resolve the issue.