CVE-2019-1010237

Name of the Vulnerable Software and Affected Versions: Ilias versions 5.2 through 5.2.20 Ilias versions 5.3 through 5.3.11

Description: The issue is related to Cross Site Scripting (XSS), specifically Stored XSS (or Persistent), which allows an attacker to execute code in the victim's browser. The component affected is Assessment / TestQuestionPool. The attack vector involves the Cloze Test Text gap for the attacker and the Corrections view for the victim.

Recommendations: For Ilias versions 5.2 through 5.2.20, update to version 5.2.21 to resolve the issue. For Ilias versions 5.3 through 5.3.11, update to version 5.3.12 to resolve the issue.