CVE-2019-1010237 - OpenCVE

Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ilias	Ilias

Configuration 1 [-]

OR	cpe:2.3:a:ilias:ilias::::::::
	cpe:2.3:a:ilias:ilias::::::::

No data.

References

Link	Providers
https://docu.ilias.de/goto_docu_pg_116867_35.html
https://github.com/ILIAS-eLearning/ILIAS/commit/b9150b7194f8cfb1178ca3674a0b3c86b7cd92f5
https://github.com/ILIAS-eLearning/ILIAS/commit/f1c2f906410bf35bb6bd45efff57d2e8da3b3825

History

No history.

MITRE

Status: PUBLISHED

Assigner: dwf

Published: 2019-07-22T14:46:07

Updated: 2024-08-05T03:07:18.440Z

Reserved: 2019-03-20T00:00:00

Link: CVE-2019-1010237

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-22T15:15:10.517

Modified: 2019-10-09T23:44:17.697

Link: CVE-2019-1010237

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Ilias", "vendor": "Ilias", "versions": [{"status": "affected", "version": "5.3 before 5.3.12 and 5.2 before 5.2.21 [fixed: 5.3.12]"}]}], "descriptions": [{"lang": "en", "value": "Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-07-22T14:46:07", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/ILIAS-eLearning/ILIAS/commit/f1c2f906410bf35bb6bd45efff57d2e8da3b3825"}, {"tags": ["x_refsource_MISC"], "url": "https://docu.ilias.de/goto_docu_pg_116867_35.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ILIAS-eLearning/ILIAS/commit/b9150b7194f8cfb1178ca3674a0b3c86b7cd92f5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010237", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ilias", "version": {"version_data": [{"version_value": "5.3 before 5.3.12 and 5.2 before 5.2.21 [fixed: 5.3.12]"}]}}]}, "vendor_name": "Ilias"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ILIAS-eLearning/ILIAS/commit/f1c2f906410bf35bb6bd45efff57d2e8da3b3825", "refsource": "MISC", "url": "https://github.com/ILIAS-eLearning/ILIAS/commit/f1c2f906410bf35bb6bd45efff57d2e8da3b3825"}, {"name": "https://docu.ilias.de/goto_docu_pg_116867_35.html", "refsource": "MISC", "url": "https://docu.ilias.de/goto_docu_pg_116867_35.html"}, {"name": "https://github.com/ILIAS-eLearning/ILIAS/commit/b9150b7194f8cfb1178ca3674a0b3c86b7cd92f5", "refsource": "MISC", "url": "https://github.com/ILIAS-eLearning/ILIAS/commit/b9150b7194f8cfb1178ca3674a0b3c86b7cd92f5"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.440Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ILIAS-eLearning/ILIAS/commit/f1c2f906410bf35bb6bd45efff57d2e8da3b3825"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docu.ilias.de/goto_docu_pg_116867_35.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ILIAS-eLearning/ILIAS/commit/b9150b7194f8cfb1178ca3674a0b3c86b7cd92f5"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010237", "datePublished": "2019-07-22T14:46:07", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.440Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C1EC872-127E-4713-AF2B-D7ECB07E4569", "versionEndExcluding": "5.2.21", "versionStartIncluding": "5.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*", "matchCriteriaId": "5ABF171E-3500-41A0-8EDE-FD9284B4D8D0", "versionEndExcluding": "5.3.12", "versionStartIncluding": "5.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site Scripting (XSS) - CWE-79 Type 2: Stored XSS (or Persistent). The impact is: Execute code in the victim's browser. The component is: Assessment / TestQuestionPool. The attack vector is: Cloze Test Text gap (attacker) / Corrections view (victim). The fixed version is: 5.3.12."}, {"lang": "es", "value": "Ilias versiones 5.3 anteriores a 5.3.12; versiones 5.2 anteriores a 5.2.21, est\u00e1 afectado por: Cross Site Scripting (XSS) - CWE-79 Tipo 2: XSS Almacenado (o Persistente). El impacto es: Ejecutar c\u00f3digo en el navegador de la v\u00edctima. El componente es: Assessment / TestQuestionPool. El vector de ataque es: fallo de Cloze Test Text (atacante) / Vista de correcciones (v\u00edctima). La versi\u00f3n corregida es: versi\u00f3n 5.3.12."}], "id": "CVE-2019-1010237", "lastModified": "2019-10-09T23:44:17.697", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-22T15:15:10.517", "references": [{"source": "josh@bress.net", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docu.ilias.de/goto_docu_pg_116867_35.html"}, {"source": "josh@bress.net", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ILIAS-eLearning/ILIAS/commit/b9150b7194f8cfb1178ca3674a0b3c86b7cd92f5"}, {"source": "josh@bress.net", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ILIAS-eLearning/ILIAS/commit/f1c2f906410bf35bb6bd45efff57d2e8da3b3825"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "josh@bress.net", "type": "Secondary"}]}